
[Pkg-grass-general] Re: [GRASS bug #2877] Insecure tempfile creation



> > Just an update re. less-insecure tempfiles ..

almost done now.  The g.tempfile module didn't need to be changed.


Maybe someone can help me with this one:
lib/db/stubs/BUILD.PROTO

It's fairly simple but I'm at a loss as to how to fix it.

a) store multiline data as a shell environmental variable?
    No idea how to do that well.
     -- hey, there's no #!/bin/sh ? beware csh setenv etc.

b) store temporary file in `pwd` which is the build dir? (& therefore
   always writeable by the user)
     -- i.e. make first line "tmp=build_proto_tmp.$$"


As this is only used during build time it isn't a vulnerability
in the end package, but still would be nice to fix.



==================================

tmp=/tmp/$$
rm -f $tmp
make.proto *.c > $tmp
awk '/^#undef/{next}/^ *#/{print}' $tmp
echo ""
cat $tmp | \
    awk '/^struct /{print "REMOVED:" $0 > "/dev/tty"; next}{print}' | \
    awk '/db_/ {printf "%s %s",$2,$1
	        for (i=3; i<=NF; i++) printf (" %s", $i)
		print ""
		}' | \
    sort -d | \
    awk '{type = $2}
	 {name = $1}
	 name ~ /^\*/ {type = type " *"; name = substr(name,2,length(name))}
	 {printf ("%-5s %-25s",type,name)
	  for (i=3; i<=NF; i++) printf (" %s", $i)
	  print ""
	 } '
echo ""
awk '/^#undef/{print}' $tmp
rm -f $tmp

====================================



thanks,
Hamish
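
Added example (not part of the original message and not the GRASS project's script): option (b) above combined with an exclusively created, unpredictably named scratch file. It assumes mktemp(1) is available; the function names proto_tmpfile and build_proto are hypothetical, and the prototype text is read on stdin instead of calling make.proto directly.

```sh
#!/bin/sh
# Added example, not the GRASS BUILD.PROTO. Assumes mktemp(1) is installed.
# Typical use from the build dir:  make.proto *.c | build_proto

# Create a scratch file in directory $1 (default: the build dir, option b).
# mktemp chooses an unpredictable name and creates it exclusively with
# mode 0600, so an existing file or symlink at that path is never reused.
proto_tmpfile() {
    ( umask 077 && mktemp "${1:-.}/build_proto_tmp.XXXXXX" )
}

# Read prototype text on stdin and print the same three sections as the
# script above. The body runs in a subshell so the traps and $tmp do not
# leak into the caller.
build_proto() (
    tmp=$(proto_tmpfile "${1:-.}") || exit 1
    trap 'rm -f "$tmp"' EXIT          # clean up on any exit path
    trap 'exit 1' HUP INT TERM        # turn signals into a normal exit
    cat > "$tmp"
    awk '/^#undef/{next} /^ *#/{print}' "$tmp"
    echo ""
    # Notices go to stderr here (the original writes them to /dev/tty).
    awk '/^struct /{print "REMOVED:" $0 | "cat 1>&2"; next} {print}' "$tmp" |
    awk '/db_/ {printf "%s %s", $2, $1
                for (i = 3; i <= NF; i++) printf(" %s", $i)
                print ""}' |
    sort -d |
    awk '{type = $2; name = $1}
         name ~ /^\*/ {type = type " *"; name = substr(name, 2)}
         {printf("%-5s %-25s", type, name)
          for (i = 3; i <= NF; i++) printf(" %s", $i)
          print ""}'
    echo ""
    awk '/^#undef/{print}' "$tmp"
    rm -f "$tmp"
)
```
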


