* [PATCH] mktokens relative TMPDIR
@ 2020-02-18 3:50 Michael Greenberg
2020-04-29 5:59 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: Michael Greenberg @ 2020-02-18 3:50 UTC (permalink / raw)
To: dash
The mktokens script fails when /tmp isn't writable (e.g., when building
in a sandbox with a different TMPDIR). Replace absolute references to
/tmp to relative references to TMPDIR. If TMPDIR is unset or null,
default to /tmp.
The mkbuiltins script was already hardened to work relative to TMPDIR,
also defaulting to /tmp.
Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
diff --git a/src/mktokens b/src/mktokens
index cd52241..3ab7bc5 100644
--- a/src/mktokens
+++ b/src/mktokens
@@ -37,7 +37,9 @@
# token marks the end of a list. The third column is the name to print in
# error messages.
-cat > /tmp/ka$$ <<\!
+: ${TMPDIR:=/tmp}
+
+cat > $TMPDIR/ka$$ <<\!
TEOF 1 end of file
TNL 0 newline
TSEMI 0 ";"
@@ -68,28 +70,28 @@ TWHILE 0 "while"
TBEGIN 0 "{"
TEND 1 "}"
!
-nl=`wc -l /tmp/ka$$`
+nl=`wc -l ${TMPDIR}/ka$$`
exec > token.h
-awk '{print "#define " $1 " " NR-1}' /tmp/ka$$
+awk '{print "#define " $1 " " NR-1}' ${TMPDIR}/ka$$
exec > token_vars.h
echo '
/* Array indicating which tokens mark the end of a list */
static const char tokendlist[] = {'
-awk '{print "\t" $2 ","}' /tmp/ka$$
+awk '{print "\t" $2 ","}' ${TMPDIR}/ka$$
echo '};
static const char *const tokname[] = {'
sed -e 's/"/\\"/g' \
-e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \
- /tmp/ka$$
+ ${TMPDIR}/ka$$
echo '};
'
-sed 's/"//g' /tmp/ka$$ | awk '
+sed 's/"//g' ${TMPDIR}/ka$$ | awk '
/TNOT/{print "#define KWDOFFSET " NR-1; print "";
print "static const char *const parsekwd[] = {"}
/TNOT/,/neverfound/{if (last) print " \"" last "\","; last = $3}
END{print " \"" last "\"\n};"}'
-rm /tmp/ka$$
+rm ${TMPDIR}/ka$$
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] mktokens relative TMPDIR
2020-02-18 3:50 [PATCH] mktokens relative TMPDIR Michael Greenberg
@ 2020-04-29 5:59 ` Herbert Xu
2020-04-29 17:51 ` [v2 PATCH] " Michael Greenberg
0 siblings, 1 reply; 6+ messages in thread
From: Herbert Xu @ 2020-04-29 5:59 UTC (permalink / raw)
To: Michael Greenberg; +Cc: dash
On Mon, Feb 17, 2020 at 07:50:50PM -0800, Michael Greenberg wrote:
> The mktokens script fails when /tmp isn't writable (e.g., when building
> in a sandbox with a different TMPDIR). Replace absolute references to
> /tmp to relative references to TMPDIR. If TMPDIR is unset or null,
> default to /tmp.
>
> The mkbuiltins script was already hardened to work relative to TMPDIR,
> also defaulting to /tmp.
>
> Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
Please make sure TMPDIR is quoted.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
* [v2 PATCH] mktokens relative TMPDIR
2020-04-29 5:59 ` Herbert Xu
@ 2020-04-29 17:51 ` Michael Greenberg
2020-04-30 2:57 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: Michael Greenberg @ 2020-04-29 17:51 UTC (permalink / raw)
To: Herbert Xu; +Cc: dash
The mktokens script fails when /tmp isn't writable (e.g., when building
in a sandbox with a different TMPDIR). Replace absolute references to
/tmp to relative references to TMPDIR. If TMPDIR is unset or null,
default to /tmp.
The mkbuiltins script was already hardened to work relative to TMPDIR,
also defaulting to /tmp.
v2 ensures that TMPDIR is quoted.
Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
diff --git a/src/mktokens b/src/mktokens
index cd52241..3ab7bc5 100644
--- a/src/mktokens
+++ b/src/mktokens
@@ -37,7 +37,9 @@
# token marks the end of a list. The third column is the name to print in
# error messages.
-cat > /tmp/ka$$ <<\!
+: ${TMPDIR:=/tmp}
+
+cat > "${TMPDIR}"/ka$$ <<\!
TEOF 1 end of file
TNL 0 newline
TSEMI 0 ";"
@@ -68,28 +70,28 @@ TWHILE 0 "while"
TBEGIN 0 "{"
TEND 1 "}"
!
-nl=`wc -l /tmp/ka$$`
+nl=`wc -l "${TMPDIR}"/ka$$`
exec > token.h
-awk '{print "#define " $1 " " NR-1}' /tmp/ka$$
+awk '{print "#define " $1 " " NR-1}' "${TMPDIR}"/ka$$
exec > token_vars.h
echo '
/* Array indicating which tokens mark the end of a list */
static const char tokendlist[] = {'
-awk '{print "\t" $2 ","}' /tmp/ka$$
+awk '{print "\t" $2 ","}' "${TMPDIR}"/ka$$
echo '};
static const char *const tokname[] = {'
sed -e 's/"/\\"/g' \
-e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \
- /tmp/ka$$
+ "${TMPDIR}"/ka$$
echo '};
'
-sed 's/"//g' /tmp/ka$$ | awk '
+sed 's/"//g' "${TMPDIR}"/ka$$ | awk '
/TNOT/{print "#define KWDOFFSET " NR-1; print "";
print "static const char *const parsekwd[] = {"}
/TNOT/,/neverfound/{if (last) print " \"" last "\","; last = $3}
END{print " \"" last "\"\n};"}'
-rm /tmp/ka$$
+rm "${TMPDIR}"/ka$$
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [v2 PATCH] mktokens relative TMPDIR
2020-04-29 17:51 ` [v2 PATCH] " Michael Greenberg
@ 2020-04-30 2:57 ` Herbert Xu
2020-04-30 3:04 ` [v3 " Michael Greenberg
0 siblings, 1 reply; 6+ messages in thread
From: Herbert Xu @ 2020-04-30 2:57 UTC (permalink / raw)
To: Michael Greenberg; +Cc: dash
On Wed, Apr 29, 2020 at 10:51:41AM -0700, Michael Greenberg wrote:
> The mktokens script fails when /tmp isn't writable (e.g., when building
> in a sandbox with a different TMPDIR). Replace absolute references to
> /tmp to relative references to TMPDIR. If TMPDIR is unset or null,
> default to /tmp.
>
> The mkbuiltins script was already hardened to work relative to TMPDIR,
> also defaulting to /tmp.
>
> v2 ensures that TMPDIR is quoted.
>
> Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
>
> diff --git a/src/mktokens b/src/mktokens
> index cd52241..3ab7bc5 100644
> --- a/src/mktokens
> +++ b/src/mktokens
> @@ -37,7 +37,9 @@
> # token marks the end of a list. The third column is the name to print in
> # error messages.
>
> -cat > /tmp/ka$$ <<\!
> +: ${TMPDIR:=/tmp}
Could you quote this one too? Otherwise it could result in
unnecessary pattern expansion (e.g., someone does TMPDIR=/*/*/*).
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread* [v3 PATCH] mktokens relative TMPDIR
2020-04-30 2:57 ` Herbert Xu
@ 2020-04-30 3:04 ` Michael Greenberg
2020-05-15 6:30 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: Michael Greenberg @ 2020-04-30 3:04 UTC (permalink / raw)
To: Herbert Xu, dash
The mktokens script fails when /tmp isn't writable (e.g., when building
in a sandbox with a different TMPDIR). Replace absolute references to
/tmp to relative references to TMPDIR. If TMPDIR is unset or null,
default to /tmp.
The mkbuiltins script was already hardened to work relative to TMPDIR,
also defaulting to /tmp.
v2 ensures that TMPDIR is quoted.
v3 adds an extra quotation that prevents extra pathname expansions.
Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
diff --git a/src/mktokens b/src/mktokens
index cd52241..3ab7bc5 100644
--- a/src/mktokens
+++ b/src/mktokens
@@ -37,7 +37,9 @@
# token marks the end of a list. The third column is the name to print in
# error messages.
-cat > /tmp/ka$$ <<\!
+: "${TMPDIR:=/tmp}"
+
+cat > "${TMPDIR}"/ka$$ <<\!
TEOF 1 end of file
TNL 0 newline
TSEMI 0 ";"
@@ -68,28 +70,28 @@ TWHILE 0 "while"
TBEGIN 0 "{"
TEND 1 "}"
!
-nl=`wc -l /tmp/ka$$`
+nl=`wc -l "${TMPDIR}"/ka$$`
exec > token.h
-awk '{print "#define " $1 " " NR-1}' /tmp/ka$$
+awk '{print "#define " $1 " " NR-1}' "${TMPDIR}"/ka$$
exec > token_vars.h
echo '
/* Array indicating which tokens mark the end of a list */
static const char tokendlist[] = {'
-awk '{print "\t" $2 ","}' /tmp/ka$$
+awk '{print "\t" $2 ","}' "${TMPDIR}"/ka$$
echo '};
static const char *const tokname[] = {'
sed -e 's/"/\\"/g' \
-e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \
- /tmp/ka$$
+ "${TMPDIR}"/ka$$
echo '};
'
-sed 's/"//g' /tmp/ka$$ | awk '
+sed 's/"//g' "${TMPDIR}"/ka$$ | awk '
/TNOT/{print "#define KWDOFFSET " NR-1; print "";
print "static const char *const parsekwd[] = {"}
/TNOT/,/neverfound/{if (last) print " \"" last "\","; last = $3}
END{print " \"" last "\"\n};"}'
-rm /tmp/ka$$
+rm "${TMPDIR}"/ka$$
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [v3 PATCH] mktokens relative TMPDIR
2020-04-30 3:04 ` [v3 " Michael Greenberg
@ 2020-05-15 6:30 ` Herbert Xu
0 siblings, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2020-05-15 6:30 UTC (permalink / raw)
To: Michael Greenberg; +Cc: dash
On Wed, Apr 29, 2020 at 08:04:21PM -0700, Michael Greenberg wrote:
> The mktokens script fails when /tmp isn't writable (e.g., when building
> in a sandbox with a different TMPDIR). Replace absolute references to
> /tmp to relative references to TMPDIR. If TMPDIR is unset or null,
> default to /tmp.
>
> The mkbuiltins script was already hardened to work relative to TMPDIR,
> also defaulting to /tmp.
>
> v2 ensures that TMPDIR is quoted.
> v3 adds an extra quotation that prevents extra pathname expansions.
>
> Signed-off-by: Michael Greenberg <michael.greenberg@pomona.edu>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-05-15 6:30 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-18 3:50 [PATCH] mktokens relative TMPDIR Michael Greenberg
2020-04-29 5:59 ` Herbert Xu
2020-04-29 17:51 ` [v2 PATCH] " Michael Greenberg
2020-04-30 2:57 ` Herbert Xu
2020-04-30 3:04 ` [v3 " Michael Greenberg
2020-05-15 6:30 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).