mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-12-03 10:29:15 +00:00
Create tempfiles securely.
Reviewed by: imp
This commit is contained in:
parent
105ef72c55
commit
6470ba8b28
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=56151
@ -162,14 +162,6 @@ static int numCommands; /* The number of commands actually printed
|
||||
#define JOB_FINISHED 2 /* The job is already finished */
|
||||
#define JOB_STOPPED 3 /* The job is stopped */
|
||||
|
||||
/*
|
||||
* tfile is the name of a file into which all shell commands are put. It is
|
||||
* used over by removing it before the child shell is executed. The XXXXXXXXXX
|
||||
* in the string are replaced by mkstemp(3).
|
||||
*/
|
||||
static char tfile[sizeof(TMPPAT)];
|
||||
|
||||
|
||||
/*
|
||||
* Descriptions for various shells.
|
||||
*/
|
||||
@ -993,7 +985,7 @@ JobFinish(job, status)
|
||||
/*
|
||||
* If we are aborting and the job table is now empty, we finish.
|
||||
*/
|
||||
(void) eunlink(tfile);
|
||||
(void) eunlink(job->tfile);
|
||||
Finish(errors);
|
||||
}
|
||||
}
|
||||
@ -1668,6 +1660,7 @@ JobStart(gn, flags, previous)
|
||||
Boolean cmdsOK; /* true if the nodes commands were all right */
|
||||
Boolean local; /* Set true if the job was run locally */
|
||||
Boolean noExec; /* Set true if we decide not to run the job */
|
||||
int tfd; /* File descriptor for temp file */
|
||||
|
||||
if (previous != NULL) {
|
||||
previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE);
|
||||
@ -1697,6 +1690,12 @@ JobStart(gn, flags, previous)
|
||||
}
|
||||
job->flags |= flags;
|
||||
|
||||
(void) strcpy(job->tfile, TMPPAT);
|
||||
if ((tfd = mkstemp(job->tfile)) == -1)
|
||||
Punt("cannot create temp file: %s", strerror(errno));
|
||||
else
|
||||
(void) close(tfd);
|
||||
|
||||
/*
|
||||
* Check the commands now so any attributes from .DEFAULT have a chance
|
||||
* to migrate to the node
|
||||
@ -1722,9 +1721,9 @@ JobStart(gn, flags, previous)
|
||||
DieHorribly();
|
||||
}
|
||||
|
||||
job->cmdFILE = fopen(tfile, "w+");
|
||||
job->cmdFILE = fopen(job->tfile, "w+");
|
||||
if (job->cmdFILE == NULL) {
|
||||
Punt("Could not open %s", tfile);
|
||||
Punt("Could not open %s", job->tfile);
|
||||
}
|
||||
(void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1);
|
||||
/*
|
||||
@ -1830,7 +1829,7 @@ JobStart(gn, flags, previous)
|
||||
* Unlink and close the command file if we opened one
|
||||
*/
|
||||
if (job->cmdFILE != stdout) {
|
||||
(void) eunlink(tfile);
|
||||
(void) eunlink(job->tfile);
|
||||
if (job->cmdFILE != NULL)
|
||||
(void) fclose(job->cmdFILE);
|
||||
} else {
|
||||
@ -1859,7 +1858,7 @@ JobStart(gn, flags, previous)
|
||||
}
|
||||
} else {
|
||||
(void) fflush(job->cmdFILE);
|
||||
(void) eunlink(tfile);
|
||||
(void) eunlink(job->tfile);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2403,13 +2402,6 @@ Job_Init(maxproc, maxlocal)
|
||||
* be running at once. */
|
||||
{
|
||||
GNode *begin; /* node for commands to do at the very start */
|
||||
int tfd;
|
||||
|
||||
(void) strcpy(tfile, TMPPAT);
|
||||
if ((tfd = mkstemp(tfile)) == -1)
|
||||
Punt("cannot create temp file: %s", strerror(errno));
|
||||
else
|
||||
(void) close(tfd);
|
||||
|
||||
jobs = Lst_Init(FALSE);
|
||||
stoppedJobs = Lst_Init(FALSE);
|
||||
@ -2914,7 +2906,7 @@ JobInterrupt(runINTERRUPT, signo)
|
||||
}
|
||||
}
|
||||
}
|
||||
(void) eunlink(tfile);
|
||||
(void) eunlink(job->tfile);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2948,7 +2940,6 @@ Job_End()
|
||||
}
|
||||
}
|
||||
}
|
||||
(void) eunlink(tfile);
|
||||
return(errors);
|
||||
}
|
||||
|
||||
@ -3024,6 +3015,7 @@ Job_AbortAll()
|
||||
KILL(job->pid, SIGINT);
|
||||
KILL(job->pid, SIGKILL);
|
||||
#endif /* RMT_WANTS_SIGNALS */
|
||||
(void) eunlink(job->tfile);
|
||||
}
|
||||
}
|
||||
|
||||
@ -3032,7 +3024,6 @@ Job_AbortAll()
|
||||
*/
|
||||
while (waitpid((pid_t) -1, &foo, WNOHANG) > 0)
|
||||
continue;
|
||||
(void) eunlink(tfile);
|
||||
}
|
||||
|
||||
#ifdef REMOTE
|
||||
|
@ -93,6 +93,8 @@
|
||||
#define JOB_BUFSIZE 1024
|
||||
typedef struct Job {
|
||||
int pid; /* The child's process ID */
|
||||
char tfile[sizeof(TMPPAT)];
|
||||
/* Temporary file to use for job */
|
||||
GNode *node; /* The target the child is making */
|
||||
LstNode tailCmds; /* The node of the first command to be
|
||||
* saved when the job has been run */
|
||||
|
Loading…
Reference in New Issue
Block a user