From: Sven Joachim <svenjoac@gmx.de>
Cc: Emanuele Giaquinta <emanuele.giaquinta@gmail.com>, emacs-devel@gnu.org
Subject: Re: sh-tmp-file inserts unsafe code
Date: Tue, 11 Oct 2005 15:53:54 +0200
Message-ID: <434BC3F2.9070200@gmx.de>
In-Reply-To: <E1EOp3h-00015y-36@fencepost.gnu.org>

Richard M. Stallman wrote:
> I installed your changes, and tried extrapolating them to the other shells.
> Thanks.

Well, I wasn't lazy either. :-) Yesterday I installed the es and rc
shells, read their manpages and worked out how they do command
substitution. Both of them use the syntax

    `{ commands }

to substitute the group of COMMANDS. Together with Reiner's suggestion
to use the "-t" flag of mktemp (which is more compliant with the GNU
coding standards, honoring the user's TMPDIR environment variable) I
worked out the following patch:

*** sh-script.el 2005-10-10 21:23:45 +0200 1.167
--- sh-script.el 2005-10-11 15:40:08 +0200
***************
*** 3392,3411 ****
"Insert code to setup temporary file handling. See `sh-feature'."
(bash sh-append ksh88)
(csh (file-name-nondirectory (buffer-file-name))
! "set tmp = `mktemp /tmp/" str ".XXXXXX`" \n
"onintr exit" \n _
(and (goto-char (point-max))
(not (bolp))
?\n)
"exit:\n"
"rm $tmp* >&/dev/null" > \n)
- ;; The change to use mktemp here has not been tested;
- ;; I don't know es syntax, so I had to guess.
- ;; If you try it, or if you know es syntax and can check it,
- ;; please tell me whether it needs any change. --rms.
(es (file-name-nondirectory (buffer-file-name))
! > "local( signals = $signals sighup sigint; tmp = `mktemp /tmp/" str
! ".XXXXXX` ) {" \n
> "catch @ e {" \n
> "rm $tmp^* >[2]/dev/null" \n
"throw $e" \n
--- 3392,3407 ----
"Insert code to setup temporary file handling. See `sh-feature'."
(bash sh-append ksh88)
(csh (file-name-nondirectory (buffer-file-name))
! "set tmp = `mktemp -t " str ".XXXXXX`" \n
"onintr exit" \n _
(and (goto-char (point-max))
(not (bolp))
?\n)
"exit:\n"
"rm $tmp* >&/dev/null" > \n)
(es (file-name-nondirectory (buffer-file-name))
! > "local( signals = $signals sighup sigint;" \n
! > "tmp = `{ mktemp -t " str ".XXXXXX } ) {" \n
> "catch @ e {" \n
> "rm $tmp^* >[2]/dev/null" \n
"throw $e" \n
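
Review bot: The new csh line "set tmp = `mktemp -t ...`" uses mktemp's output without checking that the command succeeded. With -t the location now depends on the user's TMPDIR, so a missing or unwritable directory makes mktemp fail, tmp ends up empty, and the exit handler "rm $tmp* >&/dev/null" in the same template expands to "rm *" in the current directory with its errors discarded. I would have the inserted skeleton stop when tmp is empty, for example with a line such as: if ("$tmp" == "") exit 1, placed right after the "set tmp" line. The es template likewise passes the result straight to "rm $tmp^*" without a check.
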
***************
*** 3415,3429 ****
?\} > \n)
(ksh88 sh-modify sh
7 "EXIT")
- ;; The change to use mktemp here has not been tested;
- ;; I don't know rc syntax, so I had to guess.
- ;; If you try it, or if you know rc syntax and can check it,
- ;; please tell me whether it needs any change. --rms.
(rc (file-name-nondirectory (buffer-file-name))
! > "tmp = `mktemp /tmp/" str ".XXXXXX`" \n
"fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
(sh (file-name-nondirectory (buffer-file-name))
! > "TMP=`mktemp ${TMPDIR:-/tmp}/" str ".XXXXXX`" \n
"trap \"rm $TMP* 2>/dev/null\" " ?0 \n))
--- 3411,3421 ----
?\} > \n)
(ksh88 sh-modify sh
7 "EXIT")
(rc (file-name-nondirectory (buffer-file-name))
! > "tmp = `{ mktemp -t " str ".XXXXXX }" \n
"fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
(sh (file-name-nondirectory (buffer-file-name))
! > "TMP=`mktemp -t " str ".XXXXXX`" \n
"trap \"rm $TMP* 2>/dev/null\" " ?0 \n))
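
Review bot: In the sh template the unchanged trap line keeps "rm $TMP* 2>/dev/null" inside double quotes, so $TMP is expanded, unquoted, at the moment the trap is set, and the new "TMP=`mktemp -t ...`" line above it has no failure check. If mktemp fails, TMP is empty and the trap becomes "rm *"; if TMPDIR contains whitespace, the path is word-split before rm sees it. Suggest ending the assignment with "|| exit 1" and emitting a single-quoted trap with the variable quoted: trap 'rm -f "$TMP"* 2>/dev/null' 0. The rc line "tmp = `{ mktemp -t ... }" also uses the result unchecked in fn sigexit.
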
I have tested it with example scripts, the code seems to be correct.
Note that font-lock-mode will mis-fontify es and rc scripts because of
the single backtick.