for review: fix security holes.

Tyson Dowd trd at stimpy.cs.mu.oz.au
Mon Mar 23 18:22:19 AEDT 1998


Hi,

Fergus, since we discussed this on Friday, can you review this?

(NOTE: This is a diff against mercury-0.7.3).

===================================================================


Estimated hours taken: 1

Fix two security holes in the way temporary files in /tmp are handled.

configure.in:
	Look for mktemp.

scripts/ml.in:
	Previously, if a file /tmp/ml$$ existed, linker errors would
	be missed (or fake linker errors could be provided).
	Use the
		mkdir /tmp/ml.$$ || exit 1
	approach to create a directory, then use a file in that
	directory as the fifo for linker errors.

scripts/mmake.in:
	Previously, if a file /tmp/mmake.$$ existed, it would stop
	the generation of a mmake file, and the system would invoke
	gmake on the existing file (possibly executing arbitrary
	commands).
	Use mktemp (if available) to create the file, and exit if
	it is not possible to create the file.
	If mktemp is not available, use mkdir || exit 1 technique.


cvs server: Diffing .
Index: configure.in
===================================================================
RCS file: /home/staff/zs/imp/mercury/configure.in,v
retrieving revision 1.116
diff -u -r1.116 configure.in
--- configure.in	1997/10/17 02:39:11	1.116
+++ configure.in	1998/03/23 07:17:10
@@ -199,6 +199,25 @@
 
 PATH="$save_PATH"
 #-----------------------------------------------------------------------------#
+MERCURY_MSG("looking for a way to create temporary files...")
+
+AC_PATH_PROG(MKTMP,mktemp)
+if test "$MKTMP" != ""; then
+	# check that it really works
+	TMPFILE=`mktemp /tmp/$0.XXXXXX`
+	if test -f $TMPFILE ; then
+		rm -f $TMPFILE
+		true
+	else
+		MKTMP=""
+	fi
+fi
+if test "$MKTMP" = ""; then
+	AC_MSG_WARN(cannot find a working \`mktemp', using \`mkdir || exit'')
+	MKTMP=""
+fi
+AC_SUBST(MKTMP)
+#-----------------------------------------------------------------------------#
 AC_PROG_CC
 AC_SUBST(CC)
 
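Review bot: The "check that it really works" probe can succeed when mktemp has failed, because if the command prints nothing `test -f $TMPFILE` expands to `test -f`, which is true for a single non-empty argument, and MKTMP stays set. The probe also runs whichever `mktemp` is first on PATH rather than the `$MKTMP` that AC_PATH_PROG found, and its template embeds `$0`, which contains slashes whenever configure is invoked by path. I would run the probe as `$MKTMP /tmp/mercury_conf.XXXXXX` (the template name is only an example) and guard it with `if test -n "$TMPFILE" && test -f "$TMPFILE" ; then`. With that, a non-working mktemp really does select the mkdir fallback in mmake.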
cvs server: Diffing bindist
cvs server: Diffing boehm_gc
cvs server: Diffing boehm_gc/Mac_files
cvs server: Diffing boehm_gc/cord
cvs server: Diffing boehm_gc/cord/private
cvs server: Diffing boehm_gc/include
cvs server: Diffing boehm_gc/include/private
cvs server: Diffing compiler
cvs server: Diffing compiler/notes
cvs server: Diffing doc
cvs server: Diffing library
cvs server: cannot find library/library.nu.nl.in
cvs server: Diffing profiler
cvs server: Diffing runtime
cvs server: Diffing runtime/machdeps
cvs server: Diffing samples
cvs server: Diffing samples/c_interface
cvs server: Diffing samples/c_interface/c_calls_mercury
cvs server: Diffing samples/c_interface/cplusplus_calls_mercury
cvs server: Diffing samples/c_interface/mercury_calls_c
cvs server: Diffing samples/c_interface/mercury_calls_cplusplus
cvs server: Diffing samples/c_interface/simpler_c_calls_mercury
cvs server: Diffing samples/c_interface/simpler_cplusplus_calls_mercury
cvs server: Diffing samples/diff
cvs server: Diffing scripts
Index: scripts/ml.in
===================================================================
RCS file: /home/staff/zs/imp/mercury/scripts/ml.in,v
retrieving revision 1.35
diff -u -r1.35 ml.in
--- ml.in	1997/10/12 13:46:45	1.35
+++ ml.in	1998/03/23 07:17:19
@@ -370,8 +370,16 @@
 	# pipes, then we don't use the demangler
 
 		# create the pipe, making sure we remove it if interrupted
-	PIPE=/tmp/ml.$$
-	trap 'rm -f $PIPE; exit 1' 1 2 3 13 15 
+	um=`umask`
+	umask 022
+	TMPDIR=/tmp/ml$$
+	PIPE=$TMPDIR/pipe
+	if ! mkdir $TMPDIR ; then
+		echo "Unable to create temporary pipe"
+		exit 1
+	fi
+	umask $um
+	trap 'rm -rf $TMPDIR; exit 1' 1 2 3 13 15 
 	$MKFIFO $PIPE
 		# execute the demangler in the background, with stdin 
 		# coming from the pipe and with stdout redirected to stderr
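Review bot: `umask 022` before `mkdir $TMPDIR` leaves the new directory readable and searchable by every local user, and the fifo is then created by `$MKFIFO $PIPE` under the caller's own umask, so with a permissive umask other users can still open the pipe and read or inject linker output. Using `umask 077` around the mkdir keeps the directory private, which is what makes the fixed name `pipe` inside it safe; the mkdir fallback in scripts/mmake.in uses the same `umask 022`. Separately, `TMPDIR` is the variable compilers and linkers conventionally consult for their own temporary files, so if it is exported in the user's environment this assignment points `$CC` at a directory the script removes (`rm -rf $TMPDIR` in the next hunk) before running it; a private name such as `ML_TMPDIR` avoids that. The trap is installed only after the mkdir, so an interrupt in between leaves the directory behind.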
@@ -380,7 +388,7 @@
 	exec >$PIPE 2>&1
 		# now we can remove the pipe; since is an open file, it will
 		# stay around until $CC and $DEMANGLER exit
-	rm -f $PIPE
+	rm -rf $TMPDIR
 		# finally execute $CC; stdout & stderr will
 		# go via the pipe to $DEMANGLER and then to stderr
 	;;
Index: scripts/mmake.in
===================================================================
RCS file: /home/staff/zs/imp/mercury/scripts/mmake.in,v
retrieving revision 1.14
diff -u -r1.14 mmake.in
--- mmake.in	1997/07/27 15:09:36	1.14
+++ mmake.in	1998/03/23 07:17:19
@@ -56,6 +56,7 @@
 MMAKE_RULES=${MMAKE_RULES=$MMAKE_DIR/Mmake.rules}
 MERCURY_INT_DIR=${MERCURY_INT_DIR=@LIBDIR@/ints}
 MERCURY_DEFAULT_GRADE=${MERCURY_DEFAULT_GRADE=@DEFAULT_GRADE@}
+MKTMP=@MKTMP@
 
 MMAKE=$0
 verbose=false
@@ -111,8 +112,22 @@
 if $save_makefile; then
 	tmp=Mmake.makefile
 else
-	tmp=/tmp/mmake.$$
-	trap 'status=$?; rm -f $tmp; exit $status' 0 1 2 3 13 15
+	if [ $MKTMP = "" ] ; then
+		um=`umask`
+		umask 022
+		tmpdir=/tmp/mmake$$
+		tmp=$tmpdir/mmake
+		if ! mkdir $tmpdir ; then
+			echo "Unable to create temporary makefile"
+			exit 1
+		fi
+		umask $um
+		trap 'status=$?; rm -rf $tmpdir; exit $status' 0 1 2 3 13 15
+	else
+		# mktemp should give its own error message.
+		tmp=`$MKTMP /tmp/mmake.XXXXXX` || exit 1
+		trap 'status=$?; rm -f $tmp; exit $status' 0 1 2 3 13 15
+	fi
 fi
 
 MMAKE_MAKE_CMD="${MMAKE_MAKE} -f $tmp -r"
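Review bot: `[ $MKTMP = "" ]` is unquoted, so in exactly the case it is meant to detect (configure substituted an empty MKTMP) it expands to `[ = "" ]`, which common shells treat as a test error rather than as true. Control then falls to the else branch, which tries to run `/tmp/mmake.XXXXXX` as a command, and mmake exits instead of using the mkdir fallback. Quote the variable: `if [ "$MKTMP" = "" ] ; then`. The fallback's `if ! mkdir $tmpdir` also depends on `!` negation, which some older /bin/sh implementations lack; `mkdir $tmpdir || { echo "Unable to create temporary makefile"; exit 1; }` is the portable spelling and matches the `mkdir || exit 1` approach the log message describes.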
@@ -126,7 +141,7 @@
 	echo export MERCURY_INT_DIR
 	echo MERCURY_DEFAULT_GRADE=$MERCURY_DEFAULT_GRADE
 	echo export MERCURY_DEFAULT_GRADE
-	echo cat ${MMAKE_VARS} $deps $ds $mmake ${MMAKE_RULES} ">" $tmp
+	echo cat ${MMAKE_VARS} $deps $ds $mmake ${MMAKE_RULES} ">>" $tmp
 	echo ${MMAKE_MAKE} -f $tmp -r "$@"
 fi
 export MMAKE
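Review bot: Only the verbose `echo` line changes from `">"` to `">>"` here, and no hunk in this diff touches the command that actually writes `$tmp`, which lies outside the visible lines. If that command still redirects with `>`, the verbose trace no longer shows what is executed; if it was meant to become `>>` as well, that change is missing from the patch. The echoed text and the real redirection should be changed together, with a short comment at the real command saying whether `$tmp` is expected to exist already (the mktemp branch) or not (the mkdir fallback).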
cvs server: Diffing tools
cvs server: Diffing util


-- 
       Tyson Dowd           # So I asked Sarah: what's the serial number on
                            # your computer? She replied:
     trd at cs.mu.oz.au        #          A-C-2-4-0-V-/-5-0-H-Z
http://www.cs.mu.oz.au/~trd #


