Zsh Mailing List Archive

Re: [PATCH] Re: Insecure tempfile creation



Bart Schaefer wrote on Thu, Jan 08, 2015 at 00:08:21 -0800:
> On Jan 7, 10:48pm, Danek Duvall wrote:
> } Subject: Re: [PATCH] Re: Insecure tempfile creation
> }
> } On Wed, Jan 07, 2015 at 10:22:20PM -0800, Bart Schaefer wrote:
> } 
> } > On Wed, Jan 7, 2015 at 2:03 PM, Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx> wrote:
> } > > Coming back to this, it has occurred to me that
> } > >
> } > >         mv -f =(:) ${TMPPREFIX:-/tmp/zsh}foo$$
> } > >
> } > 
> } > Hmm.  Yup, we need "ln -Fh" instead of "mv -f".  Are the -F and -h
> } > options of "ln" fairly standard?
> } 
> } Neither exists on Solaris ln.  GNU coreutils ln doesn't seem to have -h,
> } either.  And -F just seems like a bad idea, supported or not.
> 
> -F on MacOS (where I was reading the manual) is like -f in coreutils,
> not like -F in coreutils (sigh).  And -h is --no-dereference.  
> 

So, for clarity, the flags you proposed mean "overwrite destination if
existing" and "if destination is symlink, don't dereference it".

> Fortunately, we have the zsh/files module which provides a builtin "ln"
> with well-defined semantics.  Hopefully that's good enough.

Another option: add a builtin that wraps the rename(2) syscall, and
then use:

    zrename =(<<<'') ${TMPPREFIX:-/tmp/zsh}foo$$
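
The rename(2) behaviour that the proposed builtin would rely on, shown as an added example that is not part of the original message or of zsh: a symlink is planted at a known destination name, a fresh mkstemp file is renamed onto it, and the check confirms the link itself was replaced while its target (a file or a directory) was left alone. The function name `rename_over_symlink` and the `/tmp/rename-demo-XXXXXX` scratch path are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Plant a symlink at a known name, then rename(2) a fresh file onto it.
 * Returns 0 if the link was replaced and its target untouched, -1 if not,
 * or a positive step number if setup failed. */
int rename_over_symlink(int target_is_dir)
{
    char dir[] = "/tmp/rename-demo-XXXXXX"; /* constructed scratch directory */
    char target[64], dest[64], fresh[64];
    struct stat st;
    int fd, rc = -1;

    if (!mkdtemp(dir)) return 1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(dest, sizeof dest, "%s/dest", dir);
    snprintf(fresh, sizeof fresh, "%s/freshXXXXXX", dir);
    /* What the planted link points at: a directory or a 4-byte file. */
    if (target_is_dir) {
        if (mkdir(target, 0700) != 0) return 2;
    } else {
        FILE *f = fopen(target, "w");
        if (!f || fputs("keep", f) == EOF || fclose(f) != 0) return 2;
    }
    if (symlink(target, dest) != 0) return 3;
    /* mkstemp creates with O_EXCL, so the source file is always new. */
    if ((fd = mkstemp(fresh)) < 0) return 4;
    close(fd);
    /* rename(2) does not resolve the last component of the new path. */
    if (rename(fresh, dest) != 0) return 5;

    if (lstat(dest, &st) == 0 && S_ISREG(st.st_mode) && st.st_size == 0 &&
        stat(target, &st) == 0 &&
        (target_is_dir ? S_ISDIR(st.st_mode) : st.st_size == 4))
        rc = 0;
    /* rmdir(target) succeeds only if nothing was moved into the directory. */
    unlink(dest);
    if (target_is_dir ? rmdir(target) != 0 : unlink(target) != 0) rc = -1;
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("file: %d dir: %d\n", rename_over_symlink(0), rename_over_symlink(1));
    return 0;
}
```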


