CVSROOT: /sources/groff
Module name: groff
Changes by: Keith Marshall <keithmarshall> 10/12/02 17:14:17
Modified files:
contrib/pdfmark: ChangeLog pdfroff.man pdfroff.sh
Log message:
Address potential temporary file security vulnerabilities.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/groff/contrib/pdfmark/ChangeLog?cvsroot=groff&r1=1.26&r2=1.27
http://cvs.savannah.gnu.org/viewcvs/groff/contrib/pdfmark/pdfroff.man?cvsroot=groff&r1=1.13&r2=1.14
http://cvs.savannah.gnu.org/viewcvs/groff/contrib/pdfmark/pdfroff.sh?cvsroot=groff&r1=1.16&r2=1.17
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/groff/groff/contrib/pdfmark/ChangeLog,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -b -r1.26 -r1.27
--- ChangeLog 16 Aug 2009 20:57:02 -0000 1.26
+++ ChangeLog 2 Dec 2010 17:14:16 -0000 1.27
@@ -1,3 +1,11 @@
+2010-12-02 Keith Marshall <keith.d.marsh...@ntlworld.com>
+
+ Address potential temporary file security vulnerabilities.
+
+ * pdfroff.sh (GROFF_TMPDIR): Use mktemp(1) to assign it, if possible;
+ fall back to ${TMPDIR}, ${TMP} or ${TEMP} if unsuccessful.
+ * pdfroff.man: Document it.
+
2009-08-16 Colin Watson <cjwat...@debian.org>
Make pdfroff's GhostScript invocation safer.
Index: pdfroff.man
===================================================================
RCS file: /sources/groff/groff/contrib/pdfmark/pdfroff.man,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- pdfroff.man 16 Aug 2009 20:57:02 -0000 1.13
+++ pdfroff.man 2 Dec 2010 17:14:16 -0000 1.14
@@ -645,10 +645,24 @@
.P
Temporary files, created by
.BR pdfroff ,
-are placed in the directory specified by environment variables (see
-section
-.BR ENVIRONMENT ),
-and named according to the convention
+are placed in the file system hierarchy,
+in or below the directory specified by environment variables
+(see section
+.BR ENVIRONMENT ).
+If
+.BR mktemp (@MAN1EXT@)
+is available,
+it is invoked to create a private subdirectory of
+the nominated temporary files directory,
+(with subdirectory name derived from the template
+.BR pdfroff-XXXXXXXXXX );
+if this subdirectory is successfully created,
+the temporary files will be placed within it,
+otherwise they will be placed directly in the directory
+nominated in the environment.
+.P
+All temporary files themselves
+are named according to the convention
.BI pdf $$ .*\c
\&, where
.I $$
Index: pdfroff.sh
===================================================================
RCS file: /sources/groff/groff/contrib/pdfmark/pdfroff.sh,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -b -r1.16 -r1.17
--- pdfroff.sh 16 Aug 2009 20:57:02 -0000 1.16
+++ pdfroff.sh 2 Dec 2010 17:14:16 -0000 1.17
@@ -135,9 +135,40 @@
echo $2`
fi
#
-# Set up temporary/intermediate file locations.
+# Set up temporary/intermediate file locations, with traps to
+# clean them up on exit. Note that, for greater portability, we
+# prefer to refer to events by number, rather than by symbolic
+# names; thus, the EXIT event is trapped as event zero.
+#
+ export TMPDIR GROFF_TMPDIR
+ TMPDIR=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}
+ if GROFF_TMPDIR=`exec 2>${NULLDEV}; mktemp -dt pdfroff-XXXXXXXXXX`
+ then
+ #
+ # We successfully created a private temporary directory,
+ # so to clean up, we may simply purge it.
+ #
+ trap "rm -rf ${GROFF_TMPDIR}" 0
+ #
+ else
+ #
+ # Creation of a private temporary directory was unsuccessful;
+ # fall back to user nominated directory, (using current directory
+ # as default), and schedule removal of only the temporary files.
+ #
+ GROFF_TMPDIR=${TMPDIR}
+ trap "rm -f ${GROFF_TMPDIR}/pdf$$.*" 0
+ fi
+ #
+ # In the case of abnormal termination events, we force an exit
+ # (with status code '1'), leaving the normal exit trap to clean
+ # up the temporary files, as above. Note that we again prefer
+ # to refer to events by number, rather than by symbolic names;
+ # here we trap SIGHUP, SIGINT, SIGQUIT, SIGPIPE and SIGTERM.
+ #
+ trap "exit 1" 1 2 3 13 15
#
- WRKFILE=${GROFF_TMPDIR=${TMPDIR-${TMP-${TEMP-"."}}}}/pdf$$.tmp
+ WRKFILE=${GROFF_TMPDIR}/pdf$$.tmp
#
REFCOPY=${GROFF_TMPDIR}/pdf$$.cmp
REFFILE=${GROFF_TMPDIR}/pdf$$.ref
@@ -146,11 +177,6 @@
TC_DATA=${GROFF_TMPDIR}/pdf$$.tc
BD_DATA=${GROFF_TMPDIR}/pdf$$.ps
#
-# Set a trap, to delete temporary files on exit.
-# (FIXME: may want to include other signals, in released version).
-#
- trap "rm -f ${GROFF_TMPDIR}/pdf$$.*" 0
-#
# Initialise 'groff' format control settings,
# to discriminate table of contents and document body formatting passes.
#
@@ -627,4 +653,4 @@
$SAY >&2 ". done"
#
#
------------------------------------------------------------------------------
-# $RCSfile: pdfroff.sh,v $ $Revision: 1.16 $: end of file
+# $RCSfile: pdfroff.sh,v $ $Revision: 1.17 $: end of file
_______________________________________________
Groff-commit mailing list
Groff-commit@gnu.org
http://lists.gnu.org/mailman/listinfo/groff-commit
