[Pkg-grass-general] Re: [GRASS bug #2877] Insecure tempfile creation
> > Just an update re. less-insecure tempfiles ..
almost done now. The g.tempfile module didn't need to be changed.
Maybe someone can help me with this one:
lib/db/stubs/BUILD.PROTO
It's fairly simple but I'm at a loss as to how to fix it.
a) store multiline data as a shell environmental variable?
No idea how to do that well.
-- hey, there's no #!/bin/sh ? beware csh setenv etc.
b) store temporary file in `pwd` which is the build dir? (& therefore
always writeable by the user)
-- i.e. make first line "tmp=build_proto_tmp.$$"
As this is only used during build time it isn't a vulnerability
in the end package, but still would be nice to fix.
==================================
tmp=/tmp/$$
rm -f $tmp
make.proto *.c > $tmp
awk '/^#undef/{next}/^ *#/{print}' $tmp
echo ""
cat $tmp | \
awk '/^struct /{print "REMOVED:" $0 > "/dev/tty"; next}{print}' | \
awk '/db_/ {printf "%s %s",$2,$1
for (i=3; i<=NF; i++) printf (" %s", $i)
print ""
}' | \
sort -d | \
awk '{type = $2}
{name = $1}
name ~ /^\*/ {type = type " *"; name = substr(name,2,length(name))}
{printf ("%-5s %-25s",type,name)
for (i=3; i<=NF; i++) printf (" %s", $i)
print ""
} '
echo ""
awk '/^#undef/{print}' $tmp
rm -f $tmp
====================================
thanks,
Hamish
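
Added example (not part of the original mail or the GRASS sources): one way to replace "tmp=/tmp/$$" with an exclusively created, unpredictable scratch file that is removed on exit. It assumes mktemp(1) is installed. The names make_scratch, proto_directives and sample_protos are hypothetical, and the sample input is constructed to stand in for the output of "make.proto *.c".

```shell
#!/bin/sh
# Added example: private scratch file for a BUILD.PROTO-style script.
# Assumes mktemp(1) is available (it is not part of POSIX).

# Constructed stand-in for the output of "make.proto *.c".
sample_protos() {
    cat <<'EOF'
#define DB_PROTO_SAMPLE 1
int db_open_database(dbDriver *, dbHandle *);
#undef DB_PROTO_SAMPLE
EOF
}

# mktemp picks an unpredictable name and creates the file exclusively with
# mode 0600, so a file or symlink planted under that name makes creation
# fail rather than being written through. $1 selects the directory: "."
# gives option (b) from the mail, the default is $TMPDIR or /tmp.
make_scratch() {
    mktemp "${1:-${TMPDIR:-/tmp}}/build_proto.XXXXXX"
}

# Reads prototypes on stdin and runs the script's first and last awk passes
# over the scratch file. The body is a subshell, so the EXIT trap removes
# the file however the function ends and does not leak into the caller.
proto_directives() (
    tmp=$(make_scratch "${1:-}") || exit 1
    trap 'rm -f "$tmp"' EXIT
    cat > "$tmp"
    awk '/^#undef/{next}/^ *#/{print}' "$tmp"
    echo ""
    awk '/^#undef/{print}' "$tmp"
)

# Example run from the build directory: sample_protos | proto_directives .
```

Quoting "$tmp" everywhere also keeps the script working when TMPDIR contains spaces.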