emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sh-tmp-file inserts unsafe code


From: Reiner Steib
Subject: Re: sh-tmp-file inserts unsafe code
Date: Mon, 10 Oct 2005 17:10:41 +0200
User-agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

On Mon, Oct 10 2005, Emanuele Giaquinta wrote:

>         > "tmp = /tmp/" str ".$pid" \n
>         "fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
>     (sh (file-name-nondirectory (buffer-file-name))
> !       > "TMP=`mktemp ${TMPDIR:-/tmp}/" str ".XXXXXX`" \n
>         "trap \"rm $TMP* 2>/dev/null\" " ?0 \n))

Why not use `-t' instead of dealing explicitly with TMPDIR?

--8<---------------cut here---------------start------------->8---
--- sh-script.el        19 Sep 2005 11:36:31 +0200      1.166
+++ sh-script.el        10 Oct 2005 17:08:56 +0200      
@@ -3392,7 +3392,7 @@
   "Insert code to setup temporary file handling.  See `sh-feature'."
   (bash sh-append ksh88)
   (csh (file-name-nondirectory (buffer-file-name))
-       "set tmp = /tmp/" str ".$$" \n
+       "set tmp = `mktemp -t " str ".XXXXXXXXXX`" \n
        "onintr exit" \n _
        (and (goto-char (point-max))
            (not (bolp))
@@ -3415,7 +3415,7 @@
       > "tmp = /tmp/" str ".$pid" \n
       "fn sigexit { rm $tmp^* >[2]/dev/null }" \n)
   (sh (file-name-nondirectory (buffer-file-name))
-      > "TMP=${TMPDIR:-/tmp}/" str ".$$" \n
+      > "TMP=`mktemp -t " str ".XXXXXXXXXX`" \n
       "trap \"rm $TMP* 2>/dev/null\" " ?0 \n))
 
--8<---------------cut here---------------end--------------->8---

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]