[m-dev.] for review: fix security holes.

Fergus Henderson fjh at cs.mu.OZ.AU
Tue Mar 24 07:31:03 AEDT 1998


On 23-Mar-1998, Tyson Dowd <trd at stimpy.cs.mu.oz.au> wrote:
...
> +MERCURY_MSG("looking for a way to create temporary files...")
> +
> +AC_PATH_PROG(MKTMP,mktemp)
> +if test "$MKTMP" != ""; then
> +	# check that it really works
> +	TMPFILE=`mktemp /tmp/$0.XXXXXX`
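
Review bot: On the `TMPFILE=` line the check runs `mktemp` by bare name rather than through the `$MKTMP` path that AC_PATH_PROG has just located, so the test may exercise a different binary from the one recorded for later use. Suggest invoking `"$MKTMP"` there and quoting the template argument.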

Better not use $0 there, it might contain /'s.
I think it would be simplest to just hard-code `ml'.

Also, I think you should spell MKTMP as MKTEMP.
(There's already enough confusion caused by the difference
between tempnam() and tmpnam() ;-)

>  		# create the pipe, making sure we remove it if interrupted
> -	PIPE=/tmp/ml.$$
> -	trap 'rm -f $PIPE; exit 1' 1 2 3 13 15 
> +	um=`umask`
> +	umask 022
> +	TMPDIR=/tmp/ml$$
> +	PIPE=$TMPDIR/pipe
> +	if ! mkdir $TMPDIR ; then
> +		echo "Unable to create temporary pipe"
> +		exit 1
> +	fi
> +	umask $um
> +	trap 'rm -rf $TMPDIR; exit 1' 1 2 3 13 15 
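
Review bot: `umask 022` ahead of `mkdir $TMPDIR` leaves the directory at mode 0755, so other local users can list it and reach the pipe, restricted only by the pipe's own mode; `umask 077` would keep the directory private to the owner. Because `/tmp/ml$$` is a predictable name, the `mkdir` failure check is what prevents use of a path someone else created first, and that deserves a comment in the script. The `trap` is also installed after the `mkdir`, so a signal arriving between the two leaves the directory behind; setting the trap first avoids that.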

I think `old_umask' would be a better name than `um'.

Also it might be clearer to use the name `ML_TMPDIR',
to distinguish it from the TMPDIR that is used by tempnam() etc.

> +		if ! mkdir $tmpdir ; then
> +			echo "Unable to create temporary makefile"
> +			exit 1
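
Review bot: `if ! mkdir $tmpdir` relies on the `!` negation, which traditional Bourne shells do not accept; if this script is meant to run under a plain `/bin/sh`, `mkdir $tmpdir || { ...; exit 1; }` is the portable form, and the same applies to the `mkdir $TMPDIR` test in the earlier hunk. The message reports a "temporary makefile" although the step that failed is creating the directory, so naming `$tmpdir` in it would make a collision easier to diagnose.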

should be
	echo "Unable ..." 1>&2

Otherwise that looks OK.

Can you please post another diff when you've addressed those
comments?

Thanks,
	Fergus.

-- 
Fergus Henderson <fjh at cs.mu.oz.au>  |  "I have always known that the pursuit
WWW: <http://www.cs.mu.oz.au/~fjh>  |  of excellence is a lethal habit"
PGP: finger fjh at 128.250.37.3        |     -- the last words of T. S. Garp.


