Create tempfiles securely.

Reviewed by:	imp

usr.bin/make/job.c

@@ -162,14 +162,6 @@ static int     	  numCommands; 	    /* The number of commands actually printed
 #define JOB_FINISHED	2   	/* The job is already finished */
 #define JOB_STOPPED	3   	/* The job is stopped */
 
-/*
- * tfile is the name of a file into which all shell commands are put. It is
- * used over by removing it before the child shell is executed. The XXXXXXXXXX
- * in the string are replaced by mkstemp(3).
- */
-static char     tfile[sizeof(TMPPAT)];
-
-
 /*
  * Descriptions for various shells.
  */
@@ -993,7 +985,7 @@ JobFinish(job, status)
 	/*
 	 * If we are aborting and the job table is now empty, we finish.
 	 */
-	(void) eunlink(tfile);
+	(void) eunlink(job->tfile);
 	Finish(errors);
     }
 }
@@ -1668,6 +1660,7 @@ JobStart(gn, flags, previous)
     Boolean	  cmdsOK;     /* true if the nodes commands were all right */
     Boolean 	  local;      /* Set true if the job was run locally */
     Boolean 	  noExec;     /* Set true if we decide not to run the job */
+    int		  tfd;	      /* File descriptor for temp file */
 
     if (previous != NULL) {
 	previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE);
@@ -1697,6 +1690,12 @@ JobStart(gn, flags, previous)
     }
     job->flags |= flags;
 
+    (void) strcpy(job->tfile, TMPPAT);
+    if ((tfd = mkstemp(job->tfile)) == -1)
+	Punt("cannot create temp file: %s", strerror(errno));
+    else
+	(void) close(tfd);
+
     /*
      * Check the commands now so any attributes from .DEFAULT have a chance
      * to migrate to the node
@@ -1722,9 +1721,9 @@ JobStart(gn, flags, previous)
 	    DieHorribly();
 	}
 
-	job->cmdFILE = fopen(tfile, "w+");
+	job->cmdFILE = fopen(job->tfile, "w+");
 	if (job->cmdFILE == NULL) {
-	    Punt("Could not open %s", tfile);
+	    Punt("Could not open %s", job->tfile);
 	}
 	(void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1);
 	/*
@@ -1830,7 +1829,7 @@ JobStart(gn, flags, previous)
 	 * Unlink and close the command file if we opened one
 	 */
 	if (job->cmdFILE != stdout) {
-	    (void) eunlink(tfile);
+	    (void) eunlink(job->tfile);
 	    if (job->cmdFILE != NULL)
 		(void) fclose(job->cmdFILE);
 	} else {
@@ -1859,7 +1858,7 @@ JobStart(gn, flags, previous)
 	}
     } else {
 	(void) fflush(job->cmdFILE);
-	(void) eunlink(tfile);
+	(void) eunlink(job->tfile);
     }
 
     /*
@@ -2403,13 +2402,6 @@ Job_Init(maxproc, maxlocal)
 			     * be running at once. */
 {
     GNode         *begin;     /* node for commands to do at the very start */
-    int	          tfd;
-
-    (void) strcpy(tfile, TMPPAT);
-    if ((tfd = mkstemp(tfile)) == -1)
-	Punt("cannot create temp file: %s", strerror(errno));
-    else
-	(void) close(tfd);
 
     jobs =  	  Lst_Init(FALSE);
     stoppedJobs = Lst_Init(FALSE);
@@ -2914,7 +2906,7 @@ JobInterrupt(runINTERRUPT, signo)
 	    }
 	}
     }
-    (void) eunlink(tfile);
+    (void) eunlink(job->tfile);
 }
 
 /*
@@ -2948,7 +2940,6 @@ Job_End()
 	    }
 	}
     }
-    (void) eunlink(tfile);
     return(errors);
 }
 
@@ -3024,6 +3015,7 @@ Job_AbortAll()
 	    KILL(job->pid, SIGINT);
 	    KILL(job->pid, SIGKILL);
 #endif /* RMT_WANTS_SIGNALS */
+	    (void) eunlink(job->tfile);
 	}
     }
 
@@ -3032,7 +3024,6 @@ Job_AbortAll()
      */
     while (waitpid((pid_t) -1, &foo, WNOHANG) > 0)
 	continue;
-    (void) eunlink(tfile);
 }
 
 #ifdef REMOTE

usr.bin/make/job.h

@@ -93,6 +93,8 @@
 #define JOB_BUFSIZE	1024
 typedef struct Job {
     int       	pid;	    /* The child's process ID */
+    char	tfile[sizeof(TMPPAT)];
+			    /* Temporary file to use for job */
     GNode    	*node;      /* The target the child is making */
     LstNode 	tailCmds;   /* The node of the first command to be
 			     * saved when the job has been run */