author | obrien <obrien@FreeBSD.org> | 2000-11-30 03:48:15 +0800 |
---|---|---|
committer | obrien <obrien@FreeBSD.org> | 2000-11-30 03:48:15 +0800 |
commit | e1260d76c24ec5f68fb1dad74bfac7bc3d03f0f7 (patch) | |
tree | 11ab3aaaee700892ec0966337e4ade95fd52737c /shells/bash1 | |
parent | ec1fbdd9e3c7cab99fa48823b7bbc6eb872f4a3a (diff) | |
Fix the symlink vulnerability noted at http://www.securityfocus.com/bid/2006
Obtained from: RedHat bash-1.14.7-23.5x.src.rpm
Diffstat (limited to 'shells/bash1')
-rw-r--r-- | shells/bash1/files/patch-execute_cmd.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/shells/bash1/files/patch-execute_cmd.c b/shells/bash1/files/patch-execute_cmd.c
new file mode 100644
index 000000000000..47c4e4f88961
--- /dev/null
+++ b/shells/bash1/files/patch-execute_cmd.c
@@ -0,0 +1,28 @@
+--- execute_cmd.c.orig Thu Jun 8 17:29:00 1995
++++ execute_cmd.c Fri Nov 24 14:41:40 2000
+@@ -2718,6 +2718,7 @@
+ char *redirectee_word;
+ enum r_instruction ri = redirect->instruction;
+ REDIRECT *new_redirect;
++ mode_t um;
+
+ if (ri == r_duplicating_input_word || ri == r_duplicating_output_word)
+ {
+@@ -2938,11 +2939,15 @@
+ pid_t pid = getpid ();
+
+ /* Make the filename for the temp file. */
+- sprintf (filename, "/tmp/t%d-sh", pid);
++ sprintf (filename, "/tmp/t-sh-XXXXXX", pid);
+
+- fd = open (filename, O_TRUNC | O_WRONLY | O_CREAT, 0666);
++ /* O_TRUNC | O_WRONLY | O_CREAT */
++ fd = mkstemp (filename);
+ if (fd < 0)
+ return (errno);
++ um=umask(022);
++ umask(um);
++ fchmod(fd, 0666 & ~um);
+
+ errno = 0; /* XXX */
+ if (redirectee->word)
|
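Review bot: The `fchmod(fd, 0666 & ~um);` added after `mkstemp` in the second inner hunk relaxes the temp file from mkstemp's owner-only mode (0600 on current systems) back to umask-governed permissions, so with a 022 umask the here-document contents become readable by other local users. Unless code outside the hunk needs that mode, the three `umask`/`fchmod` lines and the `mode_t um;` declaration in the first inner hunk can be dropped; if they stay, the `fchmod` return value should be checked like the `mkstemp` one is. Separately, `sprintf (filename, "/tmp/t-sh-XXXXXX", pid);` still passes `pid` although the format has no conversion left, so `strcpy (filename, "/tmp/t-sh-XXXXXX");` states the intent more plainly. The declaration of `filename` is outside the hunk, so its size should be confirmed to hold the 17-byte template including the terminator. The enclosing function starts and ends outside both inner hunks.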