emacs-devel

Re: sh-tmp-file inserts unsafe code


From: Sven Joachim
Subject: Re: sh-tmp-file inserts unsafe code
Date: Tue, 11 Oct 2005 15:53:54 +0200
User-agent: Mozilla Thunderbird 1.0.7 (X11/20051001)

Richard M. Stallman wrote:
> I installed your changes, and tried extrapolating them to the other shells.
> Thanks.

Well, I wasn't lazy either. :-)  Yesterday I installed the es and rc
shells, read their manpages and worked out how they do command
substitution.  Both of them use the syntax

                     `{ commands }

to substitute the group of COMMANDS.  Together with Reiner's suggestion
to use the "-t" flag of mktemp (which is more compliant with the GNU
coding standards, honoring the user's TMPDIR environment variable) I
worked out the following patch:

*** sh-script.el        2005-10-10 21:23:45     +0200   1.167
--- sh-script.el        2005-10-11 15:40:08     +0200
***************
*** 3392,3411 ****
    "Insert code to setup temporary file handling.  See `sh-feature'."
    (bash sh-append ksh88)
    (csh (file-name-nondirectory (buffer-file-name))
!        "set tmp = `mktemp /tmp/" str ".XXXXXX`" \n
         "onintr exit" \n _
         (and (goto-char (point-max))
            (not (bolp))
            ?\n)
         "exit:\n"
         "rm $tmp* >&/dev/null" > \n)
-   ;; The change to use mktemp here has not been tested;
-   ;; I don't know es syntax, so I had to guess.
-   ;; If you try it, or if you know es syntax and can check it,
-   ;; please tell me whether it needs any change.  --rms.
    (es (file-name-nondirectory (buffer-file-name))
!       > "local( signals = $signals sighup sigint; tmp = `mktemp /tmp/" str
!       ".XXXXXX` ) {" \n
        > "catch @ e {" \n
        > "rm $tmp^* >[2]/dev/null" \n
        "throw $e" \n
--- 3392,3407 ----
    "Insert code to setup temporary file handling.  See `sh-feature'."
    (bash sh-append ksh88)
    (csh (file-name-nondirectory (buffer-file-name))
!        "set tmp = `mktemp -t " str ".XXXXXX`" \n
         "onintr exit" \n _
         (and (goto-char (point-max))
            (not (bolp))
            ?\n)
         "exit:\n"
         "rm $tmp* >&/dev/null" > \n)
    (es (file-name-nondirectory (buffer-file-name))
!       > "local( signals = $signals sighup sigint;" \n
!       > "tmp = `{ mktemp -t " str ".XXXXXX } ) {" \n
        > "catch @ e {" \n
        > "rm $tmp^* >[2]/dev/null" \n
        "throw $e" \n
***************
*** 3415,3429 ****
        ?\} > \n)
    (ksh88 sh-modify sh
         7 "EXIT")
-   ;; The change to use mktemp here has not been tested;
-   ;; I don't know rc syntax, so I had to guess.
-   ;; If you try it, or if you know rc syntax and can check it,
-   ;; please tell me whether it needs any change.  --rms.
    (rc (file-name-nondirectory (buffer-file-name))
!       > "tmp = `mktemp /tmp/" str ".XXXXXX`" \n
        "fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
    (sh (file-name-nondirectory (buffer-file-name))
!       > "TMP=`mktemp ${TMPDIR:-/tmp}/" str ".XXXXXX`" \n
        "trap \"rm $TMP* 2>/dev/null\" " ?0 \n))


--- 3411,3421 ----
        ?\} > \n)
    (ksh88 sh-modify sh
         7 "EXIT")
    (rc (file-name-nondirectory (buffer-file-name))
!       > "tmp = `{ mktemp -t " str ".XXXXXX }" \n
        "fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
    (sh (file-name-nondirectory (buffer-file-name))
!       > "TMP=`mktemp -t " str ".XXXXXX`" \n
        "trap \"rm $TMP* 2>/dev/null\" " ?0 \n))




I have tested it with example scripts; the code seems to be correct.
Note that font-lock-mode will mis-fontify es and rc scripts because of
the single backtick.





