igawk unsafe temporary file handling
From: solar
Subject: igawk unsafe temporary file handling
Date: Sun, 27 May 2001 05:30:50 +0400
User-agent: Mutt/1.2.5i

Hi,

igawk from gawk-3.0.6 creates its temporary files unsafely.

The attached patch is based on a report and an older patch from
Jarno Huuskonen <address@hidden>. The patch requires
mktemp and thus isn't very portable. The only reasonable fallback
when neither mktemp nor tempfile (Debian) is available could be to
place files in a temporary directory under /tmp, but that would
still allow for a DoS attack against igawk itself.

awklib/eg/prog/igawk.sh as included in the tarball should be
re-generated from the patched gawk.texi file. This is done during
builds, anyway.

pc/awklib/igawk could need some kind of a fix as well -- Windows
tries to be multi-user.

--
/sd
gawk-3.0.6-jh-owl-igawk-tmp.diff
Description: Text document
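
The two approaches the message describes (mktemp when available, otherwise a private directory under /tmp), as an added example that is not part of the original message or of the attached patch. The function names and the "igdemo" prefix are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and the "igdemo" prefix are hypothetical.

# Fallback: a private directory under /tmp. mkdir is atomic and fails if
# the name already exists, so a pre-created name is never reused; the
# script simply cannot run (the DoS the message mentions).
tmp_via_mkdir() {
    (
        umask 077
        d="${TMPDIR:-/tmp}/$1.$$"
        mkdir "$d" || exit 1
        : > "$d/file" || exit 1
        printf '%s\n' "$d/file"
    )
}

# Preferred: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600.
safe_tmpfile() {
    if command -v mktemp >/dev/null 2>&1; then
        mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
    else
        tmp_via_mkdir "$1"
    fi
}

# True if FILE is a regular file (not a symlink) with no group/other access.
is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] &&
        [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

A caller would capture the printed path, for example f=$(safe_tmpfile igdemo), and remove it in an exit trap.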