use mktemp(1) to generate temporary file names

Fix for CVE-2014-2906. Closes a race condition in funced which would allow execution of arbitrary code; closes a race condition in psub which would allow alternation of the data stream. Note that `psub -f` does not work (#1040); a fix should be committed separately for ease of maintenance. Closes #1437
author: David Adam <zanchey@ucc.gu.uwa.edu.au> 2014-04-20 23:51:20 +0800
committer: David Adam <zanchey@ucc.gu.uwa.edu.au> 2014-04-28 10:42:00 +0800
commit: 55bc4168bf019374422807038d32bc3147dd94f6 (patch)
tree: bac2dd63131233997186dcccd8f11564f44c55b4 /share/functions/psub.fish
parent: ba1b5e34a77369e28ff563e47c088c55664a8a11 (diff)
1 files changed, 3 insertions, 8 deletions
diff --git a/share/functions/psub.fish b/share/functions/psub.fish
index 42e34c73..7877aa4e 100644
--- a/share/functions/psub.fish
+++ b/share/functions/psub.fish
@@ -45,21 +45,16 @@ function psub --description "Read from stdin into a file and output the filename
 		return
 	end
 
-	# Find unique file name for writing output to
-	while true
-		set filename /tmp/.psub.(echo %self).(random);
-		if not test -e $filename
-			break;
-		end
-	end
-
 	if test use_fifo = 1
 		# Write output to pipe. This needs to be done in the background so
 		# that the command substitution exits without needing to wait for
 		# all the commands to exit
+                set dir (mktemp -d /tmp/.psub.XXXXXXXXXX); or return
+                set filename $dir/psub.fifo
 		mkfifo $filename
 		cat >$filename &
 	else
+                set filename (mktemp /tmp/.psub.XXXXXXXXXX)
 		cat >$filename
 	end
author	David Adam <zanchey@ucc.gu.uwa.edu.au>	2014-04-20 23:51:20 +0800
committer	David Adam <zanchey@ucc.gu.uwa.edu.au>	2014-04-28 10:42:00 +0800
commit	55bc4168bf019374422807038d32bc3147dd94f6 (patch)
tree	bac2dd63131233997186dcccd8f11564f44c55b4 /share/functions/psub.fish
parent	ba1b5e34a77369e28ff563e47c088c55664a8a11 (diff)