igawk unsafe temporary file handling

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

igawk unsafe temporary file handling

From:	solar
Subject:	igawk unsafe temporary file handling
Date:	Sun, 27 May 2001 05:30:50 +0400
User-agent:	Mutt/1.2.5i

Hi,

igawk from gawk-3.0.6 creates its temporary files unsafely.

The attached patch is based on report and an older patch from
Jarno Huuskonen <address@hidden>.  The patch requires
mktemp and thus isn't very portable.  The only reasonable fallback
when neither mktemp nor tempfile (Debian) is available could be to
place files in a temporary directory under /tmp, but that would
still allow for a DoS attack against igawk itself.

awklib/eg/prog/igawk.sh as included in the tarball should be
re-generated from the patched gawk.texi file.  This is done during
builds, anyway.

pc/awklib/igawk could need some kind of a fix as well, -- Windows
tries to be multi-user.

-- 
/sd

gawk-3.0.6-jh-owl-igawk-tmp.diff
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

igawk unsafe temporary file handling, solar <=
- Re: igawk unsafe temporary file handling, Paul Eggert, 2001/05/27
  - Re: igawk unsafe temporary file handling, solar, 2001/05/27
    - Re: igawk unsafe temporary file handling, Paul Eggert, 2001/05/27
    - Re: igawk unsafe temporary file handling, solar, 2001/05/27
    - Re: igawk unsafe temporary file handling, Volker Borchert, 2001/05/28

Prev by Date: gettext: Please update libtool in and make it work with autoconf-2.50
Next by Date: tar bug?
Previous by thread: gettext: Please update libtool in and make it work with autoconf-2.50
Next by thread: Re: igawk unsafe temporary file handling
Index(es):
- Date
- Thread