[m-dev.] for review: fix security holes.

[Tyson Dowd]

On 26-Mar-1998, Fergus Henderson <fjh at cs.mu.OZ.AU> wrote:
> > > Better not use $0 there, it might contain /'s.
> > > I think it would be simplest to just hard-code `ml'.
> > 
> > Why would you want to hardcode `ml'? 
> > 
> > This is the configure script that is running -- hardcoding `configure'
> > might be better.
> 
> Sorry, asleep at the wheel here.  If it is `configure' that is creating
> the file, then yes it makes sense to hardcode `configure', not `ml'.
> 
> This is perhaps not ideal, since the name `configure' is not very
> unique, but that shouldn't be a problem, since mktemp is supposed
> to be able to deal with such things.

I think the chances of it misconfiguring because the entire
configure.XXXXXX namespace is full are low, and it takes a sensible
course of action anyway (besides if configure.XXXXXX *is* full, maybe
mktemp is broken anyway).

> 
> Note that the normal solution when using autoconf would be to name
> the temporary files `conftest*', as described in the following
> quote from the autoconf documentation:
> 
>    If a test program needs to use or create a data file, give it a name
>    that starts with `conftest', such as `conftestdata'.  The `configure'
>    script cleans up by running `rm -rf conftest*' after running test
>    programs and if the script is interrupted.
> 
> However, since the real program is going to create a temp file in /tmp,
> it is probably better to have the autoconf test do the same
> (lest it work in one case but not the other).
> 
> > +MERCURY_MSG("looking for a way to create temporary files...")
> > +
> > +AC_PATH_PROG(MKTEMP,mktemp)
> > +if test "$MKTEMP" != ""; then
> > +	# check that it really works
> > +	TMPFILE=`mktemp /tmp/configure.XXXXXX`
> 
> It might be better to make that
> 
> 	TMPFILE=`mktemp /tmp/configure.XXXXXX` || exit 1

Why? Won't this exit the configure script if mktemp fails?  We don't
want to configure to stop.  As far as I can see from a quick look
at the output of configure, it doesn't make tests like this into
a different process.

> > +	if [ $MKTEMP = "" ] ; then
> 
> On many systems it is slightly more efficient to write this as a
> `case' statement
> 
> 	case $MKTEMP in
> 		"") ... ;;
> 		*) ... ;;
> 	esac
> 	
> rather than using `if [ ... ]'.  The reason for this is that
> often `[' is not a shell builtin.  (E.g. this is true if you
> use `ash' rather than `bash' as /bin/sh.)

Actually, I think you mean
	case "$MKTEMP" in
		...

-- 
       Tyson Dowd           # So I asked Sarah: what's the serial number on
                            # your computer? She replied:
     trd at cs.mu.oz.au        #          A-C-2-4-0-V-/-5-0-H-Z
http://www.cs.mu.oz.au/~trd #