mktemp -> mkstemp as pointed out on bugtraq

Obtained from: Theo de Raadt
1998-03-10 19:43:27 +00:00 · 1998-03-10 19:43:27 +00:00 · 6b4da9c835
commit 6b4da9c835
parent 4d5d469cc4
1 changed files with 19 additions and 6 deletions
--- a/gnu/usr.bin/perl/perl/perl.c
+++ b/gnu/usr.bin/perl/perl/perl.c
@ -1,4 +1,4 @@
-char rcsid[] = "$RCSfile: perl.c,v $$Revision: 1.7 $$Date: 1996/06/30 09:47:56 $\nPatch level: ###\n";
+char rcsid[] = "$RCSfile: perl.c,v $$Revision: 1.8 $$Date: 1997/03/01 12:58:48 $\nPatch level: ###\n";
 /*
 *    Copyright (c) 1991, Larry Wall
 *
@ -6,6 +6,15 @@ char rcsid[] = "$RCSfile: perl.c,v $$Revision: 1.7 $$Date: 1996/06/30 09:47:56 $
 *    License or the Artistic License, as specified in the README file.
 *
 * $Log: perl.c,v $
+ * Revision 1.8  1997/03/01 12:58:48  joerg
+ * Plug an old security hole: suidperl didn't honor MNT_NOSUID.
+ *
+ * Strong 2.2 and 2.1.x candidate.  Someone should review the patch before,
+ * however.
+ *
+ * The maintainer of the Perl5 port should probably introduce a similar patch
+ * there.
+ *
 * Revision 1.7  1996/06/30 09:47:56  joerg
 * Back out Nate's changes from rev. 1.6; our Perl has not been
 * vulnerable since it used setreuid() as opposed to Posix saved IDs.
@ -207,13 +216,17 @@ setuid perl scripts securely.\n");
 		fatal("No -e allowed in setuid scripts");
 #endif
 	    if (!e_fp) {
+		int fd;
+
 	        e_tmpname = savestr(TMPPATH);
-		(void)mktemp(e_tmpname);
-		if (!*e_tmpname)
-		    fatal("Can't mktemp()");
-		e_fp = fopen(e_tmpname,"w");
-		if (!e_fp)
+		fd = mkstemp(e_tmpname);
+		if (fd == -1)
+		    fatal("Can't mkstemp()");
+		e_fp = fdopen(fd,"w");
+		if (!e_fp) {
+		    close(fd);
 		    fatal("Cannot open temporary file");
+		}
 	    }
 	    if (argv[1]) {
 		fputs(argv[1],e_fp);