New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/tmp issues #5745
Comments
From solar@openwall.comHi, I am CC'ing this to a number of Perl folks based on the source files Basically, I've been reviewing and patching various scripts and even The patches we're currently applying to 5.6.0 may be obtained via: cvs -z3 -d :pserver:anoncvs:anoncvs@anoncvs.owl.openwall.com:/cvs co Owl/packages/perl/ Recent changes to the package are: * Thu Jul 18 2002 Solar Designer <solar@owl.openwall.com> * Tue Jul 16 2002 Solar Designer <solar@owl.openwall.com> * Sun Jul 14 2002 Solar Designer <solar@owl.openwall.com> My current TODO file for temporary file handling issues with our Perl + perlbug (also make it use vitmp) On Mon, Jul 15, 2002 at 06:54:50AM +0400, Solar Designer wrote:
-- |
arthur@contiller.se - Status changed from 'new' to 'open' |
From arthur@contiller.seIs this still a problem with 5.8.0, any patches that have not been applied to should be Arthur |
From solar@openwall.comOn Sat, Apr 26, 2003 at 08:36:54AM -0000, Arthur Bergman wrote:
It's been more than half a year since I've been doing these patches, Our Perl package in Openwall GNU/*/Linux is still based around 5.6.0 Obviously, it would help if you happen to have more time for working -- |
From solar@openwall.comHi, Well, our package has been updated to Perl 5.8.3, and attached to this There're also temporary file handling issues and/or bad practices INSTALL makeaperl.SH perly.fixer ext/SDBM_File/sdbm/grind and in OS-specific files that are not used on Linux, especially in CGI.pm's temporary file handling needs to be re-done making use of -- On Sat, Apr 26, 2003 at 09:34:13PM +0400, Solar Designer wrote:
|
From solar@openwall.comperl-5.8.3-owl-tmp.diffdiff -ur perl-5.8.3.orig/ext/DB_File/DB_File.pm perl-5.8.3/ext/DB_File/DB_File.pm
--- perl-5.8.3.orig/ext/DB_File/DB_File.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/DB_File/DB_File.pm Mon Jan 19 20:14:11 2004
@@ -1821,7 +1821,7 @@
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
my $db = tie %hash, 'DB_File', $filename, O_CREAT|O_RDWR, 0666, $DB_HASH
@@ -1863,7 +1863,7 @@
use strict ;
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
@@ -1894,8 +1894,8 @@
The locking technique went like this.
- $db = tie(%db, 'DB_File', '/tmp/foo.db', O_CREAT|O_RDWR, 0666)
- || die "dbcreat /tmp/foo.db $!";
+ $db = tie(%db, 'DB_File', '/var/run/foo.db', O_CREAT|O_RDWR, 0644)
+ || die "dbcreat /var/run/foo.db $!";
$fd = $db->fd;
open(DB_FH, "+<&=$fd") || die "dup $!";
flock (DB_FH, LOCK_EX) || die "flock: $!";
diff -ur perl-5.8.3.orig/ext/DB_File/t/db-recno.t perl-5.8.3/ext/DB_File/t/db-recno.t
--- perl-5.8.3.orig/ext/DB_File/t/db-recno.t Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/DB_File/t/db-recno.t Sun Jan 25 18:53:51 2004
@@ -1198,7 +1198,7 @@
my $testnum = 181;
my $failed = 0;
-require POSIX; my $tmp = POSIX::tmpnam();
+my $tmp = "dbr$$";
foreach my $test (@tests) {
my $err = test_splice(@$test);
if (defined $err) {
diff -ur perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm perl-5.8.3/ext/Devel/PPPort/PPPort.pm
--- perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/Devel/PPPort/PPPort.pm Sun Jan 25 16:16:53 2004
@@ -349,13 +349,13 @@
}
if ($changes) {
- open(OUT,">/tmp/ppport.h.$$");
+ open(OUT,"ppport.h.$$");
print OUT $c;
close(OUT);
- open(DIFF, "diff -u $filename /tmp/ppport.h.$$|");
- while (<DIFF>) { s!/tmp/ppport\.h\.$$!$filename.patched!; print STDOUT; }
+ open(DIFF, "diff -u $filename ppport.h.$$|");
+ while (<DIFF>) { s!ppport\.h\.$$!$filename.patched!; print STDOUT; }
close(DIFF);
- unlink("/tmp/ppport.h.$$");
+ unlink("ppport.h.$$");
} else {
print "Looks OK\n";
}
diff -ur perl-5.8.3.orig/ext/IO/t/io_unix.t perl-5.8.3/ext/IO/t/io_unix.t
--- perl-5.8.3.orig/ext/IO/t/io_unix.t Tue Sep 30 17:10:17 2003
+++ perl-5.8.3/ext/IO/t/io_unix.t Sun Jan 25 16:17:43 2004
@@ -24,7 +24,7 @@
elsif ($^O eq 'os2') {
require IO::Socket;
- eval {IO::Socket::pack_sockaddr_un('/tmp/foo') || 1}
+ eval {IO::Socket::pack_sockaddr_un('/foo/bar') || 1}
or $@ !~ /not implemented/ or
$reason = 'compiled without TCP/IP stack v4';
} elsif ($^O =~ m/^(?:qnx|nto|vos)$/ ) {
@@ -37,7 +37,7 @@
}
}
-$PATH = "/tmp/sock-$$";
+$PATH = "sock-$$";
# Test if we can create the file within the tmp directory
if (-e $PATH or not open(TEST, ">$PATH") and $^O ne 'os2') {
diff -ur perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs perl-5.8.3/ext/ODBM_File/ODBM_File.xs
--- perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs Tue Sep 30 17:10:20 2003
+++ perl-5.8.3/ext/ODBM_File/ODBM_File.xs Mon Jan 19 21:55:54 2004
@@ -32,7 +32,7 @@
* Set DBM_BUG_DUPLICATE_FREE in the extension hint file.
*/
/* Close the previous dbm, and fail to open a new dbm */
-#define dbmclose() ((void) dbminit("/tmp/x/y/z/z/y"))
+#define dbmclose() ((void) dbminit("/nonexistent"))
#endif
#include <fcntl.h>
diff -ur perl-5.8.3.orig/ext/POSIX/POSIX.pod perl-5.8.3/ext/POSIX/POSIX.pod
--- perl-5.8.3.orig/ext/POSIX/POSIX.pod Tue Sep 30 17:10:22 2003
+++ perl-5.8.3/ext/POSIX/POSIX.pod Sun Jan 25 16:19:16 2004
@@ -417,9 +417,9 @@
uses file descriptors such as those obtained by calling C<POSIX::open>.
The following will determine the maximum length of the longest allowable
-pathname on the filesystem which holds C</tmp/foo>.
+pathname on the filesystem which holds C</var/foo>.
- $fd = POSIX::open( "/tmp/foo", &POSIX::O_RDONLY );
+ $fd = POSIX::open( "/var/foo", &POSIX::O_RDONLY );
$path_max = POSIX::fpathconf( $fd, &POSIX::_PC_PATH_MAX );
Returns C<undef> on failure.
@@ -919,7 +919,7 @@
Open a directory for reading.
- $dir = POSIX::opendir( "/tmp" );
+ $dir = POSIX::opendir( "/var" );
@files = POSIX::readdir( $dir );
POSIX::closedir( $dir );
@@ -930,9 +930,9 @@
Retrieves the value of a configurable limit on a file or directory.
The following will determine the maximum length of the longest allowable
-pathname on the filesystem which holds C</tmp>.
+pathname on the filesystem which holds C</var>.
- $path_max = POSIX::pathconf( "/tmp", &POSIX::_PC_PATH_MAX );
+ $path_max = POSIX::pathconf( "/var", &POSIX::_PC_PATH_MAX );
Returns C<undef> on failure.
diff -ur perl-5.8.3.orig/ext/Socket/Socket.pm perl-5.8.3/ext/Socket/Socket.pm
--- perl-5.8.3.orig/ext/Socket/Socket.pm Tue Sep 30 17:10:25 2003
+++ perl-5.8.3/ext/Socket/Socket.pm Mon Jan 19 20:14:11 2004
@@ -32,8 +32,8 @@
$proto = getprotobyname('tcp');
socket(Socket_Handle, PF_UNIX, SOCK_STREAM, $proto);
- unlink('/tmp/usock');
- $sun = sockaddr_un('/tmp/usock');
+ unlink('/var/run/usock');
+ $sun = sockaddr_un('/var/run/usock');
connect(Socket_Handle,$sun);
=head1 DESCRIPTION
diff -ur perl-5.8.3.orig/ext/Storable/Storable.pm perl-5.8.3/ext/Storable/Storable.pm
--- perl-5.8.3.orig/ext/Storable/Storable.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/Storable/Storable.pm Sun Jan 25 16:24:24 2004
@@ -786,10 +786,10 @@
%color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
- store(\%color, '/tmp/colors') or die "Can't store %a in /tmp/colors!\n";
+ store(\%color, '/var/run/colors') or die "Can't store %a in /var/run/colors!\n";
- $colref = retrieve('/tmp/colors');
- die "Unable to retrieve from /tmp/colors!\n" unless defined $colref;
+ $colref = retrieve('/var/run/colors');
+ die "Unable to retrieve from /var/run/colors!\n" unless defined $colref;
printf "Blue is still %lf\n", $colref->{'Blue'};
$colref2 = dclone(\%color);
diff -ur perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL perl-5.8.3/ext/Time/HiRes/Makefile.PL
--- perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL Tue Oct 28 20:35:51 2003
+++ perl-5.8.3/ext/Time/HiRes/Makefile.PL Sun Jan 25 16:27:01 2004
@@ -71,19 +71,11 @@
# without changing it, and then I'd always forget to change it before a
# release. Sorry, Edward :)
-sub TMPDIR {
- my $TMPDIR =
- (grep(defined $_ && -d $_ && -w _,
- ((defined $ENV{'TMPDIR'} ? $ENV{'TMPDIR'} : undef),
- qw(/var/tmp /usr/tmp /tmp c:/temp))))[0];
- $TMPDIR || die "Cannot find writable temporary directory.\n";
-}
-
sub try_compile_and_link {
my ($c, %args) = @_;
my ($ok) = 0;
- my ($tmp) = (($^O eq 'VMS') ? "sys\$scratch:tmp$$" : TMPDIR() . '/' . "tmp$$");
+ my ($tmp) = "tmp$$";
local(*TMPC);
my $obj_ext = $Config{obj_ext} || ".o";
diff -ur perl-5.8.3.orig/lib/CGI/Cookie.pm perl-5.8.3/lib/CGI/Cookie.pm
--- perl-5.8.3.orig/lib/CGI/Cookie.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/CGI/Cookie.pm Mon Jan 19 20:14:11 2004
@@ -407,7 +407,7 @@
You may also retrieve cookies that were stored in some external
form using the parse() class method:
- $COOKIES = `cat /usr/tmp/Cookie_stash`;
+ $COOKIES = `cat /var/run/www/Cookie_stash`;
%cookies = parse CGI::Cookie($COOKIES);
If you are in a mod_perl environment, you can save some overhead by
diff -ur perl-5.8.3.orig/lib/CGI.pm perl-5.8.3/lib/CGI.pm
--- perl-5.8.3.orig/lib/CGI.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/CGI.pm Sun Jan 25 16:45:26 2004
@@ -2,6 +2,9 @@
require 5.004;
use Carp 'croak';
+# XXX: The temporary file handling implemented in here is crap. It should
+# be re-done making use of File::Temp.
+
# See the bottom of this file for the POD documentation. Search for the
# string '=head'.
diff -ur perl-5.8.3.orig/lib/CPAN.pm perl-5.8.3/lib/CPAN.pm
--- perl-5.8.3.orig/lib/CPAN.pm Tue Sep 30 17:10:44 2003
+++ perl-5.8.3/lib/CPAN.pm Sun Jan 25 16:46:02 2004
@@ -2273,7 +2273,7 @@
# If more accuracy is wanted/needed, Chris Leach sent me this patch...
# > *** /install/perl/live/lib/CPAN.pm- Wed Sep 24 13:08:48 1997
- # > --- /tmp/cp Wed Sep 24 13:26:40 1997
+ # > --- cp Wed Sep 24 13:26:40 1997
# > ***************
# > *** 1562,1567 ****
# > --- 1562,1580 ----
diff -ur perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm perl-5.8.3/lib/ExtUtils/MakeMaker.pm
--- perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm Fri Oct 31 22:03:49 2003
+++ perl-5.8.3/lib/ExtUtils/MakeMaker.pm Sun Jan 25 16:48:00 2004
@@ -1013,7 +1013,7 @@
The Makefile to be produced may be altered by adding arguments of the
form C<KEY=VALUE>. E.g.
- perl Makefile.PL PREFIX=/tmp/myperl5
+ perl Makefile.PL PREFIX=~/myperl5
Other interesting targets in the generated Makefile are
@@ -1355,13 +1355,13 @@
This is the root directory into which the code will be installed. It
I<prepends itself to the normal prefix>. For example, if your code
-would normally go into /usr/local/lib/perl you could set DESTDIR=/tmp/
-and installation would go into /tmp/usr/local/lib/perl.
+would normally go into /usr/local/lib/perl you could set DESTDIR=/other/
+and installation would go into /other/usr/local/lib/perl.
This is primarily of use for people who repackage Perl modules.
NOTE: Due to the nature of make, it is important that you put the trailing
-slash on your DESTDIR. "/tmp/" not "/tmp".
+slash on your DESTDIR. "/other/" not "/other".
=item DIR
diff -ur perl-5.8.3.orig/lib/ExtUtils/instmodsh perl-5.8.3/lib/ExtUtils/instmodsh
--- perl-5.8.3.orig/lib/ExtUtils/instmodsh Tue Sep 30 17:10:47 2003
+++ perl-5.8.3/lib/ExtUtils/instmodsh Mon Jan 19 20:14:11 2004
@@ -2,6 +2,7 @@
use strict;
use IO::File;
+use File::Temp;
use ExtUtils::Packlist;
use ExtUtils::Installed;
@@ -58,16 +59,12 @@
$reply =~ /^t\s*/ and do
{
my $file = (split(' ', $reply))[1];
- my $tmp = "/tmp/inst.$$";
- if (my $fh = IO::File->new($tmp, "w"))
- {
- $fh->print(join("\n", $Inst->files($module)));
- $fh->close();
- system("tar cvf $file -I $tmp");
- unlink($tmp);
- last CASE;
- }
- else { print("Can't open $file: $!\n"); }
+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
+ $fh->print(join("\n", $Inst->files($module)));
+ $fh->close();
+ # This used to use -I which is wrong for GNU tar.
+ system("tar cvf $file -T $tmp");
+ unlink($tmp);
last CASE;
};
$reply eq 'v' and do
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie.t perl-5.8.3/lib/Memoize/t/tie.t
--- perl-5.8.3.orig/lib/Memoize/t/tie.t Tue Sep 30 17:10:58 2003
+++ perl-5.8.3/lib/Memoize/t/tie.t Sun Jan 25 16:54:31 2004
@@ -29,14 +29,7 @@
$_[0]+1;
}
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import('tmpdir', 'catfile');
- $tmpdir = tmpdir();
-} else {
- *catfile = sub { join '/', @_ };
- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-}
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
@files = ($file, "$file.db", "$file.dir", "$file.pag");
1 while unlink @files;
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t perl-5.8.3/lib/Memoize/t/tie_gdbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t Tue Sep 30 17:10:58 2003
+++ perl-5.8.3/lib/Memoize/t/tie_gdbm.t Sun Jan 25 16:53:07 2004
@@ -26,13 +26,7 @@
print "1..4\n";
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('GDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t perl-5.8.3/lib/Memoize/t/tie_ndbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_ndbm.t Sun Jan 25 16:53:56 2004
@@ -28,14 +28,7 @@
print "1..4\n";
-
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('Memoize::NDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t perl-5.8.3/lib/Memoize/t/tie_sdbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_sdbm.t Sun Jan 25 16:52:33 2004
@@ -28,14 +28,7 @@
print "1..4\n";
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import('tmpdir', 'catfile');
- $tmpdir = tmpdir();
-} else {
- *catfile = sub { join '/', @_ };
- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-}
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('Memoize::SDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_storable.t perl-5.8.3/lib/Memoize/t/tie_storable.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_storable.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_storable.t Sun Jan 25 16:53:25 2004
@@ -33,14 +33,7 @@
print "1..4\n";
-
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "storable$$");
+$file = "storable$$";
1 while unlink $file;
tryout('Memoize::Storable', $file, 1); # Test 1..4
1 while unlink $file;
diff -ur perl-5.8.3.orig/lib/Shell.pm perl-5.8.3/lib/Shell.pm
--- perl-5.8.3.orig/lib/Shell.pm Tue Sep 30 17:11:05 2003
+++ perl-5.8.3/lib/Shell.pm Mon Jan 19 20:14:11 2004
@@ -140,7 +140,7 @@
sub ps;
print ps -ww;
- cp("/etc/passwd", "/tmp/passwd");
+ cp("/etc/passwd", "/etc/passwd.orig");
That's maybe too gonzo. It actually exports an AUTOLOAD to the current
package (and uncovered a bug in Beta 3, by the way). Maybe the usual
diff -ur perl-5.8.3.orig/lib/dotsh.pl perl-5.8.3/lib/dotsh.pl
--- perl-5.8.3.orig/lib/dotsh.pl Tue Sep 30 17:11:16 2003
+++ perl-5.8.3/lib/dotsh.pl Mon Jan 19 20:14:11 2004
@@ -27,9 +27,9 @@
# dependent upon. These variables MUST be defined using shell syntax.
#
# Example:
-# &dotsh ('/tmp/foo', 'arg1');
-# &dotsh ('/tmp/foo');
-# &dotsh ('/tmp/foo arg1 ... argN');
+# &dotsh ('/foo/bar', 'arg1');
+# &dotsh ('/foo/bar');
+# &dotsh ('/foo/bar arg1 ... argN');
#
sub dotsh {
local(@sh) = @_;
@@ -54,19 +54,17 @@
}
}
if (length($vars) > 0) {
- system "$shell \"$vars;. $command $args; set > /tmp/_sh_env$$\"";
+ open (_SH_ENV, "$shell \"$vars && . $command $args && set \" |") || die;
} else {
- system "$shell \". $command $args; set > /tmp/_sh_env$$\"";
+ open (_SH_ENV, "$shell \". $command $args && set \" |") || die;
}
- open (_SH_ENV, "/tmp/_sh_env$$") || die "Could not open /tmp/_sh_env$$!\n";
while (<_SH_ENV>) {
chop;
m/^([^=]*)=(.*)/s;
$ENV{$1} = $2;
}
close (_SH_ENV);
- system "rm -f /tmp/_sh_env$$";
foreach $key (keys(%ENV)) {
$tmp .= "\$$key = \$ENV{'$key'};" if $key =~ /^[A-Za-z]\w*$/;
diff -ur perl-5.8.3.orig/lib/perl5db.pl perl-5.8.3/lib/perl5db.pl
--- perl-5.8.3.orig/lib/perl5db.pl Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/perl5db.pl Mon Jan 19 20:14:11 2004
@@ -206,7 +206,7 @@
=item * noTTY
if set, goes in NonStop mode. On interrupt, if TTY is not set,
-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using
+uses the value of noTTY or "/var/run/perldbtty$$" to find TTY using
Term::Rendezvous. Current variant is to have the name of TTY in this
file.
@@ -5689,8 +5689,8 @@
else {
eval "require Term::Rendezvous;" or die;
# See if we have anything to pass to Term::Rendezvous.
- # Use /tmp/perldbtty$$ if not.
- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
+ # Use /var/run/perldbtty$$ if not.
+ my $rv = $ENV{PERLDB_NOTTY} || "/var/run/perldbtty$$";
# Rendezvous and get the filehandles.
my $term_rv = new Term::Rendezvous $rv;
diff -ur perl-5.8.3.orig/mpeix/nm perl-5.8.3/mpeix/nm
--- perl-5.8.3.orig/mpeix/nm Tue Sep 30 17:11:39 2003
+++ perl-5.8.3/mpeix/nm Sun Jan 25 16:55:26 2004
@@ -22,12 +22,12 @@
# I wanted to pipe this into awk, but it fell victim to a known pipe/streams
# bug on my multiprocessor machine.
-callci xeq linkedit.pub.sys \"$LIST\" >/tmp/nm.$$
+callci xeq linkedit.pub.sys \"$LIST\" >nm.$$
/bin/awk '\
/ data univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$5,"extern","data","?"} \
- / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' /tmp/nm.$$
+ / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' nm.$$
-rm -f /tmp/nm.$$
+rm -f nm.$$
exit 0
diff -ur perl-5.8.3.orig/mpeix/relink perl-5.8.3/mpeix/relink
--- perl-5.8.3.orig/mpeix/relink Tue Sep 30 17:11:39 2003
+++ perl-5.8.3/mpeix/relink Sun Jan 25 16:55:44 2004
@@ -14,7 +14,7 @@
echo "Creating $RAND.sl...\n"
-TEMP=/tmp/perlmpe.$$
+TEMP=perlmpe.$$
rm -f $TEMP $RAND.a $RAND.sl
diff -ur perl-5.8.3.orig/perly.fixer perl-5.8.3/perly.fixer
--- perl-5.8.3.orig/perly.fixer Tue Sep 30 17:11:42 2003
+++ perl-5.8.3/perly.fixer Mon Jan 19 20:14:11 2004
@@ -23,7 +23,7 @@
input=$1
output=$2
-tmp=/tmp/f$$
+tmp=perly$$
inputh=`echo $input|sed 's:\.c$:.h:'`
if grep '^#ifdef PERL_CORE' $inputh; then
diff -ur perl-5.8.3.orig/pod/perl571delta.pod perl-5.8.3/pod/perl571delta.pod
--- perl-5.8.3.orig/pod/perl571delta.pod Tue Sep 30 17:11:44 2003
+++ perl-5.8.3/pod/perl571delta.pod Sun Jan 25 16:57:40 2004
@@ -771,17 +771,17 @@
If your file system supports symbolic links you can build Perl outside
of the source directory by
- mkdir /tmp/perl/build/directory
- cd /tmp/perl/build/directory
+ mkdir perl/build/directory
+ cd perl/build/directory
sh /path/to/perl/source/Configure -Dmksymlinks ...
-This will create in /tmp/perl/build/directory a tree of symbolic links
+This will create in perl/build/directory a tree of symbolic links
pointing to files in /path/to/perl/source. The original files are left
unaffected. After Configure has finished you can just say
make all test
-and Perl will be built and tested, all in /tmp/perl/build/directory.
+and Perl will be built and tested, all in perl/build/directory.
=back
diff -ur perl-5.8.3.orig/pod/perl58delta.pod perl-5.8.3/pod/perl58delta.pod
--- perl-5.8.3.orig/pod/perl58delta.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perl58delta.pod Sun Jan 25 16:58:03 2004
@@ -1905,17 +1905,17 @@
If your file system supports symbolic links, you can build Perl outside
of the source directory by
- mkdir /tmp/perl/build/directory
- cd /tmp/perl/build/directory
+ mkdir perl/build/directory
+ cd perl/build/directory
sh /path/to/perl/source/Configure -Dmksymlinks ...
-This will create in /tmp/perl/build/directory a tree of symbolic links
+This will create in perl/build/directory a tree of symbolic links
pointing to files in /path/to/perl/source. The original files are left
unaffected. After Configure has finished, you can just say
make all test
-and Perl will be built and tested, all in /tmp/perl/build/directory.
+and Perl will be built and tested, all in perl/build/directory.
[561]
=item *
diff -ur perl-5.8.3.orig/pod/perldbmfilter.pod perl-5.8.3/pod/perldbmfilter.pod
--- perl-5.8.3.orig/pod/perldbmfilter.pod Tue Sep 30 17:11:45 2003
+++ perl-5.8.3/pod/perldbmfilter.pod Mon Jan 19 20:14:11 2004
@@ -91,7 +91,7 @@
use Fcntl ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
my $db = tie(%hash, 'SDBM_File', $filename, O_RDWR|O_CREAT, 0640)
@@ -137,7 +137,7 @@
use warnings ;
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
diff -ur perl-5.8.3.orig/pod/perldebug.pod perl-5.8.3/pod/perldebug.pod
--- perl-5.8.3.orig/pod/perldebug.pod Tue Sep 30 17:11:45 2003
+++ perl-5.8.3/pod/perldebug.pod Mon Jan 19 20:14:11 2004
@@ -700,7 +700,7 @@
with two methods: C<IN> and C<OUT>. These should return filehandles to use
for debugging input and output correspondingly. The C<new> method should
inspect an argument containing the value of C<$ENV{PERLDB_NOTTY}> at
-startup, or C<"/tmp/perldbtty$$"> otherwise. This file is not
+startup, or C<"/var/run/perldbtty$$"> otherwise. This file is not
inspected for proper ownership, so security hazards are theoretically
possible.
diff -ur perl-5.8.3.orig/pod/perlfaq5.pod perl-5.8.3/pod/perlfaq5.pod
--- perl-5.8.3.orig/pod/perlfaq5.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlfaq5.pod Sun Jan 25 16:59:15 2004
@@ -141,6 +141,7 @@
my $count = 0;
until (defined(fileno(FH)) || $count++ > 100) {
$base_name =~ s/-(\d+)$/"-" . (1 + $1)/e;
+ # O_EXCL is required for security reasons.
sysopen(FH, $base_name, O_WRONLY|O_EXCL|O_CREAT);
}
if (defined(fileno(FH))
@@ -427,8 +428,8 @@
To open a file without blocking, creating if necessary:
- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT)
- or die "can't open /tmp/somefile: $!":
+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT)
+ or die "can't open /foo/somefile: $!":
Be warned that neither creation nor deletion of files is guaranteed to
be an atomic operation over NFS. That is, two processes might both
@@ -924,7 +925,7 @@
If you check L<perlfunc/open>, you'll see that several of the ways
to call open() should do the trick. For example:
- open(LOG, ">>/tmp/logfile");
+ open(LOG, ">>/foo/logfile");
open(STDERR, ">&LOG");
Or even with a literal numeric descriptor:
diff -ur perl-5.8.3.orig/pod/perlfaq8.pod perl-5.8.3/pod/perlfaq8.pod
--- perl-5.8.3.orig/pod/perlfaq8.pod Tue Sep 30 17:11:46 2003
+++ perl-5.8.3/pod/perlfaq8.pod Mon Jan 19 20:14:11 2004
@@ -749,10 +749,10 @@
while (<PH>) { } # plus a read
To read both a command's STDOUT and its STDERR separately, it's easiest
-and safest to redirect them separately to files, and then read from those
-files when the program is done:
+to redirect them separately to files, and then read from those files
+when the program is done:
- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr");
+ system("program args 1>program.stdout 2>program.stderr");
Ordering is important in all these examples. That's because the shell
processes file descriptor redirections in strictly left to right order.
@@ -1063,8 +1063,8 @@
sysopen():
use Fcntl;
- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644)
- or die "can't open /tmp/somefile: $!":
+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644)
+ or die "can't open /foo/somefile: $!":
=head2 How do I install a module from CPAN?
diff -ur perl-5.8.3.orig/pod/perlfunc.pod perl-5.8.3/pod/perlfunc.pod
--- perl-5.8.3.orig/pod/perlfunc.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlfunc.pod Mon Jan 19 20:14:11 2004
@@ -2928,7 +2928,7 @@
open(ARTICLE, "caesar <$article |") # ditto
or die "Can't start caesar: $!";
- open(EXTRACT, "|sort >/tmp/Tmp$$") # $$ is our process id
+ open(EXTRACT, "|sort >Tmp$$") # $$ is our process id
or die "Can't start sort: $!";
# in memory files
diff -ur perl-5.8.3.orig/pod/perlipc.pod perl-5.8.3/pod/perlipc.pod
--- perl-5.8.3.orig/pod/perlipc.pod Tue Sep 30 17:11:48 2003
+++ perl-5.8.3/pod/perlipc.pod Mon Jan 19 20:14:11 2004
@@ -1030,7 +1030,7 @@
use strict;
my ($rendezvous, $line);
- $rendezvous = shift || '/tmp/catsock';
+ $rendezvous = shift || 'catsock';
socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!";
connect(SOCK, sockaddr_un($rendezvous)) || die "connect: $!";
while (defined($line = <SOCK>)) {
@@ -1051,7 +1051,7 @@
sub spawn; # forward declaration
sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" }
- my $NAME = '/tmp/catsock';
+ my $NAME = 'catsock';
my $uaddr = sockaddr_un($NAME);
my $proto = getprotobyname('tcp');
diff -ur perl-5.8.3.orig/pod/perllexwarn.pod perl-5.8.3/pod/perllexwarn.pod
--- perl-5.8.3.orig/pod/perllexwarn.pod Tue Sep 30 17:11:48 2003
+++ perl-5.8.3/pod/perllexwarn.pod Sun Jan 25 17:02:14 2004
@@ -381,9 +381,9 @@
sub open {
my $path = shift ;
if ($path !~ m#^/#) {
- warnings::warn("changing relative path to /tmp/")
+ warnings::warn("changing relative path to /var/abc")
if warnings::enabled();
- $path = "/tmp/$path" ;
+ $path = "/var/abc/$path";
}
}
diff -ur perl-5.8.3.orig/pod/perlobj.pod perl-5.8.3/pod/perlobj.pod
--- perl-5.8.3.orig/pod/perlobj.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlobj.pod Mon Jan 19 20:14:11 2004
@@ -535,15 +535,15 @@
warn "time to die...";
exit;
-When run as F</tmp/test>, the following output is produced:
+When run as F</foo/test>, the following output is produced:
- starting program at /tmp/test line 18.
- CREATING SCALAR(0x8e5b8) at /tmp/test line 7.
- CREATING SCALAR(0x8e57c) at /tmp/test line 7.
- leaving block at /tmp/test line 23.
- DESTROYING Subtle=SCALAR(0x8e5b8) at /tmp/test line 13.
- just exited block at /tmp/test line 26.
- time to die... at /tmp/test line 27.
+ starting program at /foo/test line 18.
+ CREATING SCALAR(0x8e5b8) at /foo/test line 7.
+ CREATING SCALAR(0x8e57c) at /foo/test line 7.
+ leaving block at /foo/test line 23.
+ DESTROYING Subtle=SCALAR(0x8e5b8) at /foo/test line 13.
+ just exited block at /foo/test line 26.
+ time to die... at /foo/test line 27.
DESTROYING Subtle=SCALAR(0x8e57c) during global destruction.
Notice that "global destruction" bit there? That's the thread
diff -ur perl-5.8.3.orig/pod/perlop.pod perl-5.8.3/pod/perlop.pod
--- perl-5.8.3.orig/pod/perlop.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlop.pod Mon Jan 19 20:14:11 2004
@@ -1160,10 +1160,10 @@
$output = `cmd 3>&1 1>&2 2>&3 3>&-`;
To read both a command's STDOUT and its STDERR separately, it's easiest
-and safest to redirect them separately to files, and then read from those
-files when the program is done:
+to redirect them separately to files, and then read from those files
+when the program is done:
- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr");
+ system("program args 1>program.stdout 2>program.stderr");
Using single-quote as a delimiter protects the command from Perl's
double-quote interpolation, passing it on to the shell instead:
diff -ur perl-5.8.3.orig/pod/perlopentut.pod perl-5.8.3/pod/perlopentut.pod
--- perl-5.8.3.orig/pod/perlopentut.pod Tue Sep 30 17:11:49 2003
+++ perl-5.8.3/pod/perlopentut.pod Mon Jan 19 20:14:11 2004
@@ -192,11 +192,11 @@
open(WTMP, "+< /usr/adm/wtmp")
|| die "can't open /usr/adm/wtmp: $!";
- open(SCREEN, "+> /tmp/lkscreen")
- || die "can't open /tmp/lkscreen: $!";
+ open(SCREEN, "+> lkscreen")
+ || die "can't open lkscreen: $!";
- open(LOGFILE, "+>> /tmp/applog"
- || die "can't open /tmp/applog: $!";
+ open(LOGFILE, "+>> /var/log/applog"
+ || die "can't open /var/log/applog: $!";
The first one won't create a new file, and the second one will always
clobber an old one. The third one will create a new file if necessary
diff -ur perl-5.8.3.orig/utils/c2ph.PL perl-5.8.3/utils/c2ph.PL
--- perl-5.8.3.orig/utils/c2ph.PL Tue Sep 30 17:12:10 2003
+++ perl-5.8.3/utils/c2ph.PL Mon Jan 19 20:18:11 2004
@@ -280,6 +280,7 @@
$RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $';
+use File::Temp;
######################################################################
@@ -480,6 +481,13 @@
printf "%-16s%-15s %s\n", $var, eval "\$$var", $msg;
}
+sub safedir {
+ $SAFEDIR = File::Temp::tempdir("c2ph.XXXXXX", TMPDIR => 1, CLEANUP => 1)
+ unless (defined($SAFEDIR));
+}
+
+undef $SAFEDIR;
+
$recurse = 1;
if (@ARGV) {
@@ -495,15 +503,15 @@
}
elsif (@ARGV == 1 && $ARGV[0] =~ /\.c$/) {
local($dir, $file) = $ARGV[0] =~ m#(.*/)?(.*)$#;
- $chdir = "cd $dir; " if $dir;
+ $chdir = "cd $dir && " if $dir;
&system("$chdir$CC $CFLAGS $DEFINES $file") && exit 1;
$ARGV[0] =~ s/\.c$/.s/;
}
else {
- $TMPDIR = tempdir(CLEANUP => 1);
- $TMP = "$TMPDIR/c2ph.$$.c";
+ &safedir;
+ $TMP = "$SAFEDIR/c2ph.$$.c";
&system("cat @ARGV > $TMP") && exit 1;
- &system("cd $TMPDIR; $CC $CFLAGS $DEFINES $TMP") && exit 1;
+ &system("cd $SAFEDIR && $CC $CFLAGS $DEFINES $TMP") && exit 1;
unlink $TMP;
$TMP =~ s/\.c$/.s/;
@ARGV = ($TMP);
@@ -1274,8 +1282,8 @@
}
sub compute_intrinsics {
- $TMPDIR ||= tempdir(CLEANUP => 1);
- local($TMP) = "$TMPDIR/c2ph-i.$$.c";
+ &safedir;
+ local($TMP) = "$SAFEDIR/c2ph-i.$$.c";
open (TMP, ">$TMP") || die "can't open $TMP: $!";
select(TMP);
@@ -1303,7 +1311,7 @@
close TMP;
select(STDOUT);
- open(PIPE, "cd $TMPDIR && $CC $TMP && $TMPDIR/a.out|");
+ open(PIPE, "cd $SAFEDIR && $CC $TMP && $SAFEDIR/a.out|");
while (<PIPE>) {
chop;
split(' ',$_,2);;
@@ -1312,7 +1320,7 @@
$intrinsics{$_[1]} = $template{$_[0]};
}
close(PIPE) || die "couldn't read intrinsics!";
- unlink($TMP, '$TMPDIR/a.out');
+ unlink($TMP, '$SAFEDIR/a.out');
print STDERR "done\n" if $trace;
}
diff -ur perl-5.8.3.orig/utils/perlbug.PL perl-5.8.3/utils/perlbug.PL
--- perl-5.8.3.orig/utils/perlbug.PL Tue Sep 30 17:12:10 2003
+++ perl-5.8.3/utils/perlbug.PL Mon Jan 19 20:14:11 2004
@@ -78,7 +78,7 @@
print OUT <<'!NO!SUBS!';
use Config;
-use File::Spec; # keep perlbug Perl 5.005 compatible
+use File::Temp;
use Getopt::Std;
use strict;
@@ -958,10 +958,9 @@
}
sub filename {
- my $dir = File::Spec->tmpdir();
- $filename = "bugrep0$$";
- $filename++ while -e File::Spec->catfile($dir, $filename);
- $filename = File::Spec->catfile($dir, $filename);
+ my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
+ close($fh);
+ return $filename;
}
sub paraprint {
|
From @iabynOn Mon, Jan 26, 2004 at 01:22:18AM +0300, Solar Designer wrote:
Thanks, applied to bleedperl as change #22255, except for the following: Many systems don't have a /var/run directory, or it is only writeable by root; ext/DB_File/DB_File.pm ext/ODBM_File/ODBM_File.xs lib/CGI.pm +# XXX: The temporary file handling implemented in here is crap. It should lib/CPAN.pm # If more accuracy is wanted/needed, Chris Leach sent me this patch... lib/ExtUtils/instmodsh lib/perl5db.pl utils/perlbug.PL This is designed to run on old 5.005 syststems, and as such it can't -- |
From @iabynOn Sun, Feb 01, 2004 at 11:40:05PM +0300, Solar Designer wrote:
I'm hoping that will be Someone Else's Problem.
I suspect that whole patch-in-a-comment can probably be removed, judging
Because someone trying but failing to install a newer version of /usr/bin/old-working-perl newperl-installdir/bin/perlbug ... But yes, it needs fixing somehow. -- |
From solar@openwall.comOn Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote:
Thank you! My comments on the non-applied changes below:
OK.
OK.
OK, but it does need to be re-worked! The current code is insecure. I don't think it can be fixed without changing user-visible interfaces,
OK, although not having "/tmp" there would save me and others a few
Great!
OK.
Hmm. Perhaps I am missing something, but why does the version of Thanks again, -- |
From @nwc10On Sun, Feb 01, 2004 at 09:18:16PM +0000, Dave Mitchell wrote:
Also you may run perlbug like that if you have more than one version of perl From memory, I think that that the intent of specific patch hunk could be Nicholas Clark |
From @nwc10On Wed, Feb 04, 2004 at 10:59:27PM +0000, Nicholas Clark wrote:
I made the appended change. Nicholas Clark Change 22407 by nicholas@faith on 2004/02/28 16:10:20 Use File::Temp for tempfiles if it is available. Affected files ... ... //depot/perl/utils/perlbug.PL#45 edit Differences ... ==== //depot/perl/utils/perlbug.PL#45 (text) ==== @@ -89,9 +89,12 @@ -my $Version = "1.34"; # Changed in 1.06 to skip Mail::Send and Mail::Util if not available. # TODO: - Allow the user to re-name the file on mail failure, and sub filename { sub paraprint { |
From @nwc10On Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote:
Change 22258 by davem@davem-percy on 2004/02/01 17:40:02 Subject: Re: [perl #15063] /tmp issues Remove insecure usage of /tmp from code and documentation Affected files ... ... //depot/perl/ext/DB_File/DB_File.pm#48 edit This touches quite a few dual life modules maintained outside the core, yet [I was about to merge it to maint then had second thoughts because of this] Nicholas Clark |
From @iabynOn Sat, Feb 28, 2004 at 05:06:51PM +0000, Nicholas Clark wrote:
I applied this patch when I was still in a state of blissful ignorance about Dave. -- |
From @nwc10On Sat, Feb 28, 2004 at 05:39:33PM +0000, Dave Mitchell wrote:
I think the combination is what Rafael said should be done. Certainly the Given that I'm trying to get a maint snapshot out this weekend, I'd be happy Nicholas Clark |
From @smpeters
Change 22409 by davem@davem-percy on 2004/02/28 23:29:10 Bump version numbers of moules affected by change #22258 Done. |
@smpeters - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#15063 (status was 'resolved')
Searchable as RT15063$
The text was updated successfully, but these errors were encountered: