undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gitk: Use mktemp -d to avoid predictable temporary directories

Browse Source 
gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
a temporary directory.

Use "mktemp -d .gitk-tmp.XXXXXX" to harden gitk against someone
seeding /tmp with files matching the pid pattern.

Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This commit is contained in:
David Aguilar 2014-06-13 14:43:48 -07:00 committed by Paul Mackerras
parent c7664f1a8c
commit 105b5d3fbb
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gitk
View File

@ -3503,7 +3503,8 @@ proc gitknewtmpdir {} {
} else { } else {
set tmpdir $gitdir set tmpdir $gitdir
} }
set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]] set gitktmpformat [file join $tmpdir ".gitk-tmp.XXXXXX"]
set gitktmpdir [exec mktemp -d $gitktmpformat]
if {[catch {file mkdir $gitktmpdir} err]} { if {[catch {file mkdir $gitktmpdir} err]} {
error_popup "[mc "Error creating temporary directory %s:" $gitktmpdir] $err" error_popup "[mc "Error creating temporary directory %s:" $gitktmpdir] $err"
unset gitktmpdir unset gitktmpdir