Create temporary files in a secure directory, instead of using multiple

filenames based on a single invocation of mktemp() in /tmp, which is
easily predictable after the first one.

Audited by:     markm
This commit is contained in:
Kris Kennaway 2000-11-22 11:09:30 +00:00
parent c8b46b3ee3
commit 4f377e65c4
2 changed files with 9 additions and 7 deletions

View File

@ -82,6 +82,7 @@ FILE *infile[MAXINP]; /* input file stack (0=stdin) */
FILE *outfile[MAXOUT]; /* diversion array(0=bitbucket)*/
FILE *active; /* active output file pointer */
char *m4temp; /* filename for diversions */
char *m4dir; /* directory for diversions */
int ilevel = 0; /* input file stack pointer */
int oindex = 0; /* diversion index.. */
char *null = ""; /* as it says.. just a null.. */
@ -181,7 +182,8 @@ main(argc,argv)
active = stdout; /* default active output */
/* filename for diversions */
m4temp = mktemp(xstrdup(_PATH_DIVNAME));
m4dir = mkdtemp(xstrdup(_PATH_DIVDIRNAME));
(void) asprintf(&m4temp, "%s/%s", m4dir, _PATH_DIVNAME);
bbase[0] = bufbase;
if (!argc) {
@ -225,6 +227,7 @@ main(argc,argv)
(void) remove(m4temp);
#else
(void) unlink(m4temp);
(void) rmdir(m4dir);
#endif
}

View File

@ -1,6 +1,3 @@
/* $OpenBSD: pathnames.h,v 1.4 1997/04/04 18:41:29 deraadt Exp $ */
/* $NetBSD: pathnames.h,v 1.6 1995/09/29 00:27:55 cgd Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@ -37,6 +34,7 @@
* SUCH DAMAGE.
*
* @(#)pathnames.h 8.1 (Berkeley) 6/6/93
* $FreeBSD$
*/
/*
@ -49,9 +47,10 @@
#define UNIQUE 3 /* unique char location */
#endif
#if defined(unix) || defined(__NetBSD__) || defined(__OpenBSD__)
#define _PATH_DIVNAME "/tmp/m4.0XXXXXXXXXX" /* unix diversion files */
#define UNIQUE 8 /* unique char location */
#ifdef unix
#define _PATH_DIVDIRNAME "/tmp/m4XXXXXX" /* directory for files */
#define _PATH_DIVNAME "m4.0" /* unix diversion files */
#define UNIQUE 17 /* unique char location */
#endif
#ifdef vms