From: Sven Joachim
Newsgroups: gmane.emacs.devel
Subject: Re: sh-tmp-file inserts unsafe code
Date: Tue, 11 Oct 2005 15:53:54 +0200
Message-ID: <434BC3F2.9070200@gmx.de>
References: <4349379C.60103@gmx.de>
To: rms@gnu.org
Cc: Emanuele Giaquinta, emacs-devel@gnu.org

Richard M. Stallman wrote:
> I installed your changes, and tried extrapolating them to the other shells.
> Thanks.

Well, I wasn't lazy either. :-) Yesterday I installed the es and rc shells, read their manpages and worked out how they do command substitution. Both of them use the syntax `{ commands } to substitute the group of COMMANDS. Together with Reiner's suggestion to use the "-t" flag of mktemp (which is more compliant with the GNU coding standards, honoring the user's TMPDIR environment variable) I worked out the following patch:

*** sh-script.el 2005-10-10 21:23:45 +0200 1.167 --- sh-script.el 2005-10-11 15:40:08 +0200 *************** *** 3392,3411 **** "Insert code to setup temporary file handling. See `sh-feature'." (bash sh-append ksh88) (csh (file-name-nondirectory (buffer-file-name)) ! "set tmp = `mktemp /tmp/" str ".XXXXXX`" \n "onintr exit" \n _ (and (goto-char (point-max)) (not (bolp)) ?\n) "exit:\n" "rm $tmp* >&/dev/null" > \n) - ;; The change to use mktemp here has not been tested; - ;; I don't know es syntax, so I had to guess. - ;; If you try it, or if you know es syntax and can check it, - ;; please tell me whether it needs any change. --rms. (es (file-name-nondirectory (buffer-file-name)) ! > "local( signals = $signals sighup sigint; tmp = `mktemp /tmp/" str ! 
".XXXXXX` ) {" \n > "catch @ e {" \n > "rm $tmp^* >[2]/dev/null" \n "throw $e" \n --- 3392,3407 ---- "Insert code to setup temporary file handling. See `sh-feature'." (bash sh-append ksh88) (csh (file-name-nondirectory (buffer-file-name)) ! "set tmp = `mktemp -t " str ".XXXXXX`" \n "onintr exit" \n _ (and (goto-char (point-max)) (not (bolp)) ?\n) "exit:\n" "rm $tmp* >&/dev/null" > \n) (es (file-name-nondirectory (buffer-file-name)) ! > "local( signals = $signals sighup sigint;" \n ! > "tmp = `{ mktemp -t " str ".XXXXXX } ) {" \n > "catch @ e {" \n > "rm $tmp^* >[2]/dev/null" \n "throw $e" \n *************** *** 3415,3429 **** ?\} > \n) (ksh88 sh-modify sh 7 "EXIT") - ;; The change to use mktemp here has not been tested; - ;; I don't know rc syntax, so I had to guess. - ;; If you try it, or if you know rc syntax and can check it, - ;; please tell me whether it needs any change. --rms. (rc (file-name-nondirectory (buffer-file-name)) ! > "tmp = `mktemp /tmp/" str ".XXXXXX`" \n "fn sigexit { rm $tmp^* >[2]/dev/null }" \n) (sh (file-name-nondirectory (buffer-file-name)) ! > "TMP=`mktemp ${TMPDIR:-/tmp}/" str ".XXXXXX`" \n "trap \"rm $TMP* 2>/dev/null\" " ?0 \n)) --- 3411,3421 ---- ?\} > \n) (ksh88 sh-modify sh 7 "EXIT") (rc (file-name-nondirectory (buffer-file-name)) ! > "tmp = `{ mktemp -t " str ".XXXXXX }" \n "fn sigexit { rm $tmp^* >[2]/dev/null }" \n) (sh (file-name-nondirectory (buffer-file-name)) ! > "TMP=`mktemp -t " str ".XXXXXX`" \n "trap \"rm $TMP* 2>/dev/null\" " ?0 \n))

I have tested it with example scripts; the code seems to be correct. Note that font-lock-mode will mis-fontify es and rc scripts because of the single backtick.
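
Review bot: In the first hunk (csh and es entries) the result of mktemp is assigned to tmp without any check that the command succeeded, while the unchanged cleanup lines still run "rm $tmp* >&/dev/null" and "rm $tmp^* >[2]/dev/null". If mktemp fails and tmp is empty, those globs reduce to a bare * in the current directory. Suggest having the inserted template exit when tmp is empty, before the cleanup handler is reached.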
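
Review bot: In the second hunk (rc and sh entries) str, which comes from (file-name-nondirectory (buffer-file-name)), is pasted unquoted into the mktemp command line, so a script whose file name contains whitespace or shell metacharacters yields a broken or unintended command. Suggest quoting the template argument in the generated text. In the sh entry the trap string is double-quoted, so $TMP is expanded when the trap is set, and an empty value from a failed mktemp leaves "rm * 2>/dev/null" as the exit handler; a test on $TMP before the trap line would cover that case.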