Avoid security hole allowing attacker to

cause user of rcs2log to overwrite arbitrary files, fixing a bug reported by Morten Welinder. Don't put "exit 1" at the end of the exit trap; it's ineffective in POSIX shells.
author: Gerd Moellmann 2001-01-03 12:04:06 +0000
committer: Gerd Moellmann 2001-01-03 12:04:06 +0000
commit: 38186d678fae2781c441c2e9273d97243647a7ad (patch)
tree: d6cc4c274a9f4fa7db981bb9ef82bd5f60a8663c /lib-src
parent: 04212fcbbd5616b5fb4c64b9ac35a8abca64cb40 (diff)
download: emacs-38186d678fae2781c441c2e9273d97243647a7ad.tar.gz
emacs-38186d678fae2781c441c2e9273d97243647a7ad.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/lib-src/rcs2log b/lib-src/rcs2log
index f41552e110d..dd49a04f3c2 100755
--- a/lib-src/rcs2log
+++ b/lib-src/rcs2log
@@ -28,7 +28,7 @@ Options:
 Report bugs to <bug-gnu-emacs@gnu.org>.'
-Id='$Id: rcs2log,v 1.44 1998/08/12 14:22:14 eggert Exp eggert $'
+Id='$Id: rcs2log,v 1.46 2001/01/02 18:50:14 eggert Exp $'
 # Copyright 1992, 93, 94, 95, 96, 97, 1998 Free Software Foundation, Inc.
@@ -300,10 +300,12 @@ case $# in
        esac
 esac
-llogout=$TMPDIR/rcs2log$$l
+logdir=$TMPDIR/rcs2log$$
-rlogout=$TMPDIR/rcs2log$$r
+llogout=$logdir/l
+rlogout=$logdir/r
 trap exit 1 2 13 15
-trap "rm -f $llogout $rlogout; exit 1" 0
+trap "rm -fr $logdir 2>/dev/null" 0
+(umask 077 && exec mkdir $logdir) || exit
 case $datearg in
 ?*) $rlog $rlog_options "$datearg" ${1+"$@"} >$rlogout;;
@@ -670,7 +672,7 @@ $AWK '
 # Exit successfully.
-exec rm -f $llogout $rlogout
+exec rm -fr $logdir
 # Local Variables:
 # tab-width:4
author	Gerd Moellmann	2001-01-03 12:04:06 +0000
committer	Gerd Moellmann	2001-01-03 12:04:06 +0000
commit	38186d678fae2781c441c2e9273d97243647a7ad (patch)
tree	d6cc4c274a9f4fa7db981bb9ef82bd5f60a8663c /lib-src
parent	04212fcbbd5616b5fb4c64b9ac35a8abca64cb40 (diff)
download	emacs-38186d678fae2781c441c2e9273d97243647a7ad.tar.gz emacs-38186d678fae2781c441c2e9273d97243647a7ad.zip