aboutsummaryrefslogtreecommitdiffstats
path: root/shells/bash1
diff options
context:
space:
mode:
authorobrien <obrien@FreeBSD.org>2000-11-30 03:48:15 +0800
committerobrien <obrien@FreeBSD.org>2000-11-30 03:48:15 +0800
commite1260d76c24ec5f68fb1dad74bfac7bc3d03f0f7 (patch)
tree11ab3aaaee700892ec0966337e4ade95fd52737c /shells/bash1
parentec1fbdd9e3c7cab99fa48823b7bbc6eb872f4a3a (diff)
downloadfreebsd-ports-gnome-e1260d76c24ec5f68fb1dad74bfac7bc3d03f0f7.tar.gz
freebsd-ports-gnome-e1260d76c24ec5f68fb1dad74bfac7bc3d03f0f7.tar.zst
freebsd-ports-gnome-e1260d76c24ec5f68fb1dad74bfac7bc3d03f0f7.zip
Fix the symlink vulnerability noted at http://www.securityfocus.com/bid/2006
Obtained from: RedHat bash-1.14.7-23.5x.src.rpm
Diffstat (limited to 'shells/bash1')
-rw-r--r--shells/bash1/files/patch-execute_cmd.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/shells/bash1/files/patch-execute_cmd.c b/shells/bash1/files/patch-execute_cmd.c
new file mode 100644
index 000000000000..47c4e4f88961
--- /dev/null
+++ b/shells/bash1/files/patch-execute_cmd.c
@@ -0,0 +1,28 @@
+--- execute_cmd.c.orig Thu Jun 8 17:29:00 1995
++++ execute_cmd.c Fri Nov 24 14:41:40 2000
+@@ -2718,6 +2718,7 @@
+ char *redirectee_word;
+ enum r_instruction ri = redirect->instruction;
+ REDIRECT *new_redirect;
++ mode_t um;
+
+ if (ri == r_duplicating_input_word || ri == r_duplicating_output_word)
+ {
+@@ -2938,11 +2939,15 @@
+ pid_t pid = getpid ();
+
+ /* Make the filename for the temp file. */
+- sprintf (filename, "/tmp/t%d-sh", pid);
++ sprintf (filename, "/tmp/t-sh-XXXXXX", pid);
+
+- fd = open (filename, O_TRUNC | O_WRONLY | O_CREAT, 0666);
++ /* O_TRUNC | O_WRONLY | O_CREAT */
++ fd = mkstemp (filename);
+ if (fd < 0)
+ return (errno);
++ um=umask(022);
++ umask(um);
++ fchmod(fd, 0666 & ~um);
+
+ errno = 0; /* XXX */
+ if (redirectee->word)