Gentoo's Bugzilla – Attachment 42265 Details for
Bug 66360
dev-lang/perl: Insecure tempfile handling
Edited version
patch-reviewed (text/plain), 9.64 KB, created by
Michael Cummings (RETIRED)
on 2004-10-20 13:31:01 UTC
Description:
Edited version
Filename:
MIME Type:
Creator:
Michael Cummings (RETIRED)
Created:
2004-10-20 13:31:01 UTC
Size:
9.64 KB
patch
obsolete
>diff -ur perl-5.8.3.orig/ext/DB_File/t/db-recno.t perl-5.8.3/ext/DB_File/t/db-recno.t
>--- perl-5.8.3.orig/ext/DB_File/t/db-recno.t Mon Jan 19 18:46:25 2004
>+++ perl-5.8.3/ext/DB_File/t/db-recno.t Sun Jan 25 18:53:51 2004
>@@ -1198,7 +1198,7 @@
>
> my $testnum = 181;
> my $failed = 0;
>-require POSIX; my $tmp = POSIX::tmpnam();
>+my $tmp = "dbr$$";
> foreach my $test (@tests) {
> my $err = test_splice(@$test);
> if (defined $err) {
>
>
>diff -ur perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm perl-5.8.3/ext/Devel/PPPort/PPPort.pm
>--- perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm Mon Jan 19 18:46:25 2004
>+++ perl-5.8.3/ext/Devel/PPPort/PPPort.pm Sun Jan 25 16:16:53 2004
>@@ -349,13 +349,13 @@
> }
>
> if ($changes) {
>- open(OUT,">/tmp/ppport.h.$$");
>+ open(OUT,"ppport.h.$$");
> print OUT $c;
> close(OUT);
>- open(DIFF, "diff -u $filename /tmp/ppport.h.$$|");
>- while (<DIFF>) { s!/tmp/ppport\.h\.$$!$filename.patched!; print STDOUT; }
>+ open(DIFF, "diff -u $filename ppport.h.$$|");
>+ while (<DIFF>) { s!ppport\.h\.$$!$filename.patched!; print STDOUT; }
> close(DIFF);
>- unlink("/tmp/ppport.h.$$");
>+ unlink("ppport.h.$$");
> } else {
> print "Looks OK\n";
> }
>
>diff -ur perl-5.8.3.orig/ext/IO/t/io_unix.t perl-5.8.3/ext/IO/t/io_unix.t
>--- perl-5.8.3.orig/ext/IO/t/io_unix.t Tue Sep 30 17:10:17 2003
>+++ perl-5.8.3/ext/IO/t/io_unix.t Sun Jan 25 16:17:43 2004
>@@ -24,7 +24,7 @@
> elsif ($^O eq 'os2') {
> require IO::Socket;
>
>- eval {IO::Socket::pack_sockaddr_un('/tmp/foo') || 1}
>+ eval {IO::Socket::pack_sockaddr_un('/foo/bar') || 1}
> or $@ !~ /not implemented/ or
> $reason = 'compiled without TCP/IP stack v4';
> } elsif ($^O =~ m/^(?:qnx|nto|vos)$/ ) {
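Review bot: In the PPPort.pm hunk the new `open(OUT,"ppport.h.$$");` has lost the `>` that the removed line carried, so this two-argument open is a read open and the following `print OUT $c` cannot write the patched header; the result of `open` is not checked, so the failure is silent. The line should read `open(OUT, ">ppport.h.$$") or die "Cannot write ppport.h.$$: $!";`. A PID-based name in the current directory is still predictable, so where that directory is writable by other users an existing symlink of that name would be followed; `File::Temp::tempfile()`, which this patch already uses for instmodsh, avoids that. The `diff -u $filename ...|` pipe open still interpolates `$filename` into a shell command. The enclosing sub starts and ends outside the hunk.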
>@@ -37,7 +37,7 @@
> }
> }
>
>-$PATH = "/tmp/sock-$$";
>+$PATH = "sock-$$";
>
> # Test if we can create the file within the tmp directory
> if (-e $PATH or not open(TEST, ">$PATH") and $^O ne 'os2') {
>
>diff -ur perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL perl-5.8.3/ext/Time/HiRes/Makefile.PL
>--- perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL Tue Oct 28 20:35:51 2003
>+++ perl-5.8.3/ext/Time/HiRes/Makefile.PL Sun Jan 25 16:27:01 2004
>@@ -71,19 +71,11 @@
> # without changing it, and then I'd always forget to change it before a
> # release. Sorry, Edward :)
>
>-sub TMPDIR {
>- my $TMPDIR =
>- (grep(defined $_ && -d $_ && -w _,
>- ((defined $ENV{'TMPDIR'} ? $ENV{'TMPDIR'} : undef),
>- qw(/var/tmp /usr/tmp /tmp c:/temp))))[0];
>- $TMPDIR || die "Cannot find writable temporary directory.\n";
>-}
>-
> sub try_compile_and_link {
> my ($c, %args) = @_;
>
> my ($ok) = 0;
>- my ($tmp) = (($^O eq 'VMS') ? "sys\$scratch:tmp$$" : TMPDIR() . '/' . "tmp$$");
>+ my ($tmp) = "tmp$$";
> local(*TMPC);
>
> my $obj_ext = $Config{obj_ext} || ".o";
>
>diff -ur perl-5.8.3.orig/lib/ExtUtils/instmodsh perl-5.8.3/lib/ExtUtils/instmodsh
>--- perl-5.8.3.orig/lib/ExtUtils/instmodsh Tue Sep 30 17:10:47 2003
>+++ perl-5.8.3/lib/ExtUtils/instmodsh Mon Jan 19 20:14:11 2004
>@@ -2,6 +2,7 @@
>
> use strict;
> use IO::File;
>+use File::Temp;
> use ExtUtils::Packlist;
> use ExtUtils::Installed;
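Review bot: In the Time/HiRes/Makefile.PL hunk, `my ($tmp) = "tmp$$";` keeps the probe file name derived from the PID alone, so it is still predictable and is now created in whatever directory the build runs from; if that directory is writable by another user, the files built from `$tmp` can still collide with an existing file or symlink. The VMS branch (`sys\$scratch:tmp$$`) is removed without a replacement, which changes behaviour on that platform as well. Placing the probe inside a private directory closes the gap, for example `my ($tmp) = File::Temp::tempdir(CLEANUP => 1) . "/tmp$$";`, which would also need `use File::Temp;` in this Makefile.PL. The body of try_compile_and_link continues outside the hunk, so how `$tmp` is opened there should be checked too.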
>
>@@ -58,16 +59,12 @@
> $reply =~ /^t\s*/ and do
> {
> my $file = (split(' ', $reply))[1];
>- my $tmp = "/tmp/inst.$$";
>- if (my $fh = IO::File->new($tmp, "w"))
>- {
>- $fh->print(join("\n", $Inst->files($module)));
>- $fh->close();
>- system("tar cvf $file -I $tmp");
>- unlink($tmp);
>- last CASE;
>- }
>- else { print("Can't open $file: $!\n"); }
>+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
>+ $fh->print(join("\n", $Inst->files($module)));
>+ $fh->close();
>+ # This used to use -I which is wrong for GNU tar.
>+ system("tar cvf $file -T $tmp");
>+ unlink($tmp);
> last CASE;
> };
> $reply eq 'v' and do
>diff -ur perl-5.8.3.orig/lib/ExtUtils/instmodsh perl-5.8.3/lib/ExtUtils/instmodsh
>--- perl-5.8.3.orig/lib/ExtUtils/instmodsh Tue Sep 30 17:10:47 2003
>+++ perl-5.8.3/lib/ExtUtils/instmodsh Mon Jan 19 20:14:11 2004
>@@ -2,6 +2,7 @@
>
> use strict;
> use IO::File;
>+use File::Temp;
> use ExtUtils::Packlist;
> use ExtUtils::Installed;
>
>@@ -58,16 +59,12 @@
> $reply =~ /^t\s*/ and do
> {
> my $file = (split(' ', $reply))[1];
>- my $tmp = "/tmp/inst.$$";
>- if (my $fh = IO::File->new($tmp, "w"))
>- {
>- $fh->print(join("\n", $Inst->files($module)));
>- $fh->close();
>- system("tar cvf $file -I $tmp");
>- unlink($tmp);
>- last CASE;
>- }
>- else { print("Can't open $file: $!\n"); }
>+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
>+ $fh->print(join("\n", $Inst->files($module)));
>+ $fh->close();
>+ # This used to use -I which is wrong for GNU tar.
>+ system("tar cvf $file -T $tmp");
>+ unlink($tmp);
> last CASE;
> };
> $reply eq 'v' and do
>
>diff -ur perl-5.8.3.orig/lib/Memoize/t/tie.t perl-5.8.3/lib/Memoize/t/tie.t
>--- perl-5.8.3.orig/lib/Memoize/t/tie.t Tue Sep 30 17:10:58 2003
>+++ perl-5.8.3/lib/Memoize/t/tie.t Sun Jan 25 16:54:31 2004
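Review bot: In the `@@ -58,16 +59,12 @@` hunk of instmodsh, `system("tar cvf $file -T $tmp");` still hands a single string to the shell, and `$file` is taken straight from the user's reply, so a name with spaces or shell metacharacters is interpreted by the shell rather than passed to tar. The list form avoids the shell and lets the result be checked: `system('tar', 'cvf', $file, '-T', $tmp) == 0 or print("tar failed: $?\n");`. `$file` is also undefined when the reply is just `t`, which nothing in the hunk guards against, and the explicit `unlink($tmp)` duplicates `UNLINK => 1`. The instmodsh diff is included twice in this attachment and the note applies to both copies; the enclosing CASE block continues outside the hunk.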
>@@ -29,14 +29,7 @@
> $_[0]+1;
> }
>
>-if (eval {require File::Spec::Functions}) {
>- File::Spec::Functions->import('tmpdir', 'catfile');
>- $tmpdir = tmpdir();
>-} else {
>- *catfile = sub { join '/', @_ };
>- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
>-}
>-$file = catfile($tmpdir, "md$$");
>+$file = "md$$";
> @files = ($file, "$file.db", "$file.dir", "$file.pag");
> 1 while unlink @files;
>
>diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t perl-5.8.3/lib/Memoize/t/tie_gdbm.t
>--- perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t Tue Sep 30 17:10:58 2003
>+++ perl-5.8.3/lib/Memoize/t/tie_gdbm.t Sun Jan 25 16:53:07 2004
>@@ -26,13 +26,7 @@
>
> print "1..4\n";
>
>-if (eval {require File::Spec::Functions}) {
>- File::Spec::Functions->import();
>-} else {
>- *catfile = sub { join '/', @_ };
>-}
>-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
>-$file = catfile($tmpdir, "md$$");
>+$file = "md$$";
> 1 while unlink $file, "$file.dir", "$file.pag";
> tryout('GDBM_File', $file, 1); # Test 1..4
> 1 while unlink $file, "$file.dir", "$file.pag";
>
>
>diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t perl-5.8.3/lib/Memoize/t/tie_ndbm.t
>--- perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t Tue Sep 30 17:10:59 2003
>+++ perl-5.8.3/lib/Memoize/t/tie_ndbm.t Sun Jan 25 16:53:56 2004
>@@ -28,14 +28,7 @@
>
> print "1..4\n";
>
>-
>-if (eval {require File::Spec::Functions}) {
>- File::Spec::Functions->import();
>-} else {
>- *catfile = sub { join '/', @_ };
>-}
>-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
>-$file = catfile($tmpdir, "md$$");
>+$file = "md$$";
> 1 while unlink $file, "$file.dir", "$file.pag";
> tryout('Memoize::NDBM_File', $file, 1); # Test 1..4
> 1 while unlink $file, "$file.dir", "$file.pag";
>
>diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t perl-5.8.3/lib/Memoize/t/tie_sdbm.t
>--- perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t Tue Sep 30 17:10:59 2003
>+++ perl-5.8.3/lib/Memoize/t/tie_sdbm.t Sun Jan 25 16:52:33 2004
>@@ -28,14 +28,7 @@
>
> print "1..4\n";
>
>-if (eval {require File::Spec::Functions}) {
>- File::Spec::Functions->import('tmpdir', 'catfile');
>- $tmpdir = tmpdir();
>-} else {
>- *catfile = sub { join '/', @_ };
>- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
>-}
>-$file = catfile($tmpdir, "md$$");
>+$file = "md$$";
> 1 while unlink $file, "$file.dir", "$file.pag";
> tryout('Memoize::SDBM_File', $file, 1); # Test 1..4
> 1 while unlink $file, "$file.dir", "$file.pag";
>
>diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_storable.t perl-5.8.3/lib/Memoize/t/tie_storable.t
>--- perl-5.8.3.orig/lib/Memoize/t/tie_storable.t Tue Sep 30 17:10:59 2003
>+++ perl-5.8.3/lib/Memoize/t/tie_storable.t Sun Jan 25 16:53:25 2004
>@@ -33,14 +33,7 @@
>
> print "1..4\n";
>
>-
>-if (eval {require File::Spec::Functions}) {
>- File::Spec::Functions->import();
>-} else {
>- *catfile = sub { join '/', @_ };
>-}
>-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
>-$file = catfile($tmpdir, "storable$$");
>+$file = "storable$$";
> 1 while unlink $file;
> tryout('Memoize::Storable', $file, 1); # Test 1..4
> 1 while unlink $file;
>
>diff -ur perl-5.8.3.orig/lib/perl5db.pl perl-5.8.3/lib/perl5db.pl
>--- perl-5.8.3.orig/lib/perl5db.pl Mon Jan 19 18:46:25 2004
>+++ perl-5.8.3/lib/perl5db.pl Mon Jan 19 20:14:11 2004
>@@ -206,7 +206,7 @@
>
> =item * noTTY
>
> if set, goes in NonStop mode. On interrupt, if TTY is not set,
>-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using
>+uses the value of noTTY or "/var/run/perldbtty$$" to find TTY using
> Term::Rendezvous. Current variant is to have the name of TTY in this
> file.
>
>@@ -5689,8 +5689,8 @@
> else {
> eval "require Term::Rendezvous;" or die;
> # See if we have anything to pass to Term::Rendezvous.
>- # Use /tmp/perldbtty$$ if not.
>- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
>+ # Use /var/run/perldbtty$$ if not.
>+ my $rv = $ENV{PERLDB_NOTTY} || "/var/run/perldbtty$$";
>
> # Rendezvous and get the filehandles.
> my $term_rv = new Term::Rendezvous $rv;
>
>
>diff -ur perl-5.8.3.orig/utils/perlbug.PL perl-5.8.3/utils/perlbug.PL
>--- perl-5.8.3.orig/utils/perlbug.PL Tue Sep 30 17:12:10 2003
>+++ perl-5.8.3/utils/perlbug.PL Mon Jan 19 20:14:11 2004
>@@ -78,7 +78,7 @@
> print OUT <<'!NO!SUBS!';
>
> use Config;
>-use File::Spec; # keep perlbug Perl 5.005 compatible
>+use File::Temp;
> use Getopt::Std;
> use strict;
>
>@@ -958,10 +958,9 @@
> }
>
> sub filename {
>- my $dir = File::Spec->tmpdir();
>- $filename = "bugrep0$$";
>- $filename++ while -e File::Spec->catfile($dir, $filename);
>- $filename = File::Spec->catfile($dir, $filename);
>+ my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
>+ close($fh);
>+ return $filename;
> }
>
> sub paraprint {
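Review bot: In the `@@ -5689,8 +5689,8 @@` hunk of perl5db.pl, the fallback `"/var/run/perldbtty$$"` keeps the PID-predictable name and only relocates it. /var/run is normally writable by root alone, so for an unprivileged user the rendezvous file presumably cannot be created there unless PERLDB_NOTTY is set, and that is worth confirming against how Term::Rendezvous is fed. A directory owned by the invoking user would keep the protection without that side effect. The comment should state the constraint, for example `# Default needs a directory only the invoking user can write; set PERLDB_NOTTY otherwise.` The enclosing block starts and ends outside the hunk.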
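Review bot: In `sub filename` of perlbug.PL the new `my ($fh, $filename)` declares a lexical that hides the `$filename` the removed lines assigned without `my`, so any caller that reads that outer variable instead of the return value no longer gets a name; the callers are outside this hunk and need checking. Keeping the outer variable would be `(my $fh, $filename) = File::Temp::tempfile(UNLINK => 1);`. Closing the handle and passing on only the name also gives up part of what `tempfile()` provides, because the report is later reopened by name, and `UNLINK => 1` removes the file when perlbug exits. The `@@ -78,7 +78,7 @@` hunk replaces `use File::Spec;` outright, so if any other part of the script still calls File::Spec that line has to stay alongside `use File::Temp;`.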