avoid symlink attacks in __fish_print_packages and spawning fishd

* use $XDG_CACHE_HOME for __fish_print_packages completion caches * when starting fishd, redirect fishd output to /dev/null, not a predictable path Fix for CVE-2014-3219. Closes #1440.
author: David Adam <zanchey@ucc.gu.uwa.edu.au> 2014-04-28 23:37:02 +0800
committer: David Adam <zanchey@ucc.gu.uwa.edu.au> 2014-05-12 09:30:05 +0800
commit: 3225d7e169a9edb2f470c26989e7bc8e0d0355ce (patch)
tree: dc5286223db2f3b723fb944bd41e2560d8e02ff2 /env.cpp
parent: 6596d91c8264a8a0705736003c129a4422e91564 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/env.cpp b/env.cpp
index ff62a53f..086f181a 100644
--- a/env.cpp
+++ b/env.cpp
@@ -58,7 +58,7 @@
 #include "fish_version.h"
 
 /** Command used to start fishd */
-#define FISHD_CMD L"fishd ^ /tmp/fishd.log.%s"
+#define FISHD_CMD L"fishd ^ /dev/null"
 
 // Version for easier debugging
 //#define FISHD_CMD L"fishd"
author	David Adam <zanchey@ucc.gu.uwa.edu.au>	2014-04-28 23:37:02 +0800
committer	David Adam <zanchey@ucc.gu.uwa.edu.au>	2014-05-12 09:30:05 +0800
commit	3225d7e169a9edb2f470c26989e7bc8e0d0355ce (patch)
tree	dc5286223db2f3b723fb944bd41e2560d8e02ff2 /env.cpp
parent	6596d91c8264a8a0705736003c129a4422e91564 (diff)