diff options
author | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-04-20 23:51:20 +0800 |
---|---|---|
committer | David Adam <zanchey@ucc.gu.uwa.edu.au> | 2014-04-28 10:42:00 +0800 |
commit | 55bc4168bf019374422807038d32bc3147dd94f6 (patch) | |
tree | bac2dd63131233997186dcccd8f11564f44c55b4 /share/functions/psub.fish | |
parent | ba1b5e34a77369e28ff563e47c088c55664a8a11 (diff) |
use mktemp(1) to generate temporary file names
Fix for CVE-2014-2906.
Closes a race condition in funced which would allow execution of
arbitrary code; closes a race condition in psub which would allow
alternation of the data stream.
Note that `psub -f` does not work (#1040); a fix should be committed
separately for ease of maintenance.
Closes #1437
Diffstat (limited to 'share/functions/psub.fish')
-rw-r--r-- | share/functions/psub.fish | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/share/functions/psub.fish b/share/functions/psub.fish index 42e34c73..7877aa4e 100644 --- a/share/functions/psub.fish +++ b/share/functions/psub.fish @@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename return end - # Find unique file name for writing output to - while true - set filename /tmp/.psub.(echo %self).(random); - if not test -e $filename - break; - end - end - if test use_fifo = 1 # Write output to pipe. This needs to be done in the background so # that the command substitution exits without needing to wait for # all the commands to exit + set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return + set filename $dir/psub.fifo mkfifo $filename cat >$filename & else + set filename (mktemp /tmp/.psub.XXXXXXXXXX) cat >$filename end |