Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: [PATCH] Re: Insecure tempfile creation

X-seq: zsh-workers 34073
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: <zsh-workers@xxxxxxx>
Subject: Re: [PATCH] Re: Insecure tempfile creation
Date: Sun, 28 Dec 2014 20:01:42 -0800
In-reply-to: <20141229004957.GA1737@tarsus.local2>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <20141222203624.GA24855@tarsus.local2> <141227223029.ZM15959@torch.brasslantern.com> <141227234421.ZM16038@torch.brasslantern.com> <141228004101.ZM28486@torch.brasslantern.com> <20141229004957.GA1737@tarsus.local2>

On Dec 29, 12:49am, Daniel Shahaf wrote:
}
} Your patches look good to me, including the rmdir

I avoided using "mkdir -m 0700" in favor of the chmod but then found some
other places where mkdir is passed the -m option.  So maybe that should
be tweaked.

} but except for:
} 
} > -	} =(: temporary file)
} > +	} =(<<<'temporary file')
} 
} I assume =(<<<'') was the intention.

I meant to say something about that but forgot.

The places where I left that immediately use >|$1 to clobber the file,
so it doesn't matter if the file starts out empty; I hoped it could be
a clue to the reader what was going on.

References:
- Insecure tempfile creation
  - From: Daniel Shahaf
- Re: Insecure tempfile creation
  - From: Bart Schaefer
- [PATCH] Re: Insecure tempfile creation
  - From: Bart Schaefer
- Re: [PATCH] Re: Insecure tempfile creation
  - From: Bart Schaefer
- Re: [PATCH] Re: Insecure tempfile creation
  - From: Daniel Shahaf

Messages sorted by: Reverse Date, Date, Thread, Author