/tmp issues #5745
Comments
From solar@openwall.comHi, I am CC'ing this to a number of Perl folks based on the source files Basically, I've been reviewing and patching various scripts and even The patches we're currently applying to 5.6.0 may be obtained via: cvs -z3 -d :pserver:anoncvs:anoncvs@anoncvs.owl.openwall.com:/cvs co Owl/packages/perl/ Recent changes to the package are: * Thu Jul 18 2002 Solar Designer <solar@owl.openwall.com> * Tue Jul 16 2002 Solar Designer <solar@owl.openwall.com> * Sun Jul 14 2002 Solar Designer <solar@owl.openwall.com> My current TODO file for temporary file handling issues with our Perl + perlbug (also make it use vitmp) On Mon, Jul 15, 2002 at 06:54:50AM +0400, Solar Designer wrote:
-- |
|
arthur@contiller.se - Status changed from 'new' to 'open' |
From arthur@contiller.seIs this still a problem with 5.8.0, any patches that have not been applied to should be Arthur |
From solar@openwall.comOn Sat, Apr 26, 2003 at 08:36:54AM -0000, Arthur Bergman wrote:
It's been more than half a year since I've been doing these patches, Our Perl package in Openwall GNU/*/Linux is still based around 5.6.0 Obviously, it would help if you happen to have more time for working -- |
From solar@openwall.comHi, Well, our package has been updated to Perl 5.8.3, and attached to this There're also temporary file handling issues and/or bad practices INSTALL makeaperl.SH perly.fixer ext/SDBM_File/sdbm/grind and in OS-specific files that are not used on Linux, especially in CGI.pm's temporary file handling needs to be re-done making use of -- On Sat, Apr 26, 2003 at 09:34:13PM +0400, Solar Designer wrote:
|
From solar@openwall.comperl-5.8.3-owl-tmp.diffdiff -ur perl-5.8.3.orig/ext/DB_File/DB_File.pm perl-5.8.3/ext/DB_File/DB_File.pm
--- perl-5.8.3.orig/ext/DB_File/DB_File.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/DB_File/DB_File.pm Mon Jan 19 20:14:11 2004
@@ -1821,7 +1821,7 @@
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
my $db = tie %hash, 'DB_File', $filename, O_CREAT|O_RDWR, 0666, $DB_HASH
@@ -1863,7 +1863,7 @@
use strict ;
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
@@ -1894,8 +1894,8 @@
The locking technique went like this.
- $db = tie(%db, 'DB_File', '/tmp/foo.db', O_CREAT|O_RDWR, 0666)
- || die "dbcreat /tmp/foo.db $!";
+ $db = tie(%db, 'DB_File', '/var/run/foo.db', O_CREAT|O_RDWR, 0644)
+ || die "dbcreat /var/run/foo.db $!";
$fd = $db->fd;
open(DB_FH, "+<&=$fd") || die "dup $!";
flock (DB_FH, LOCK_EX) || die "flock: $!";
diff -ur perl-5.8.3.orig/ext/DB_File/t/db-recno.t perl-5.8.3/ext/DB_File/t/db-recno.t
--- perl-5.8.3.orig/ext/DB_File/t/db-recno.t Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/DB_File/t/db-recno.t Sun Jan 25 18:53:51 2004
@@ -1198,7 +1198,7 @@
my $testnum = 181;
my $failed = 0;
-require POSIX; my $tmp = POSIX::tmpnam();
+my $tmp = "dbr$$";
foreach my $test (@tests) {
my $err = test_splice(@$test);
if (defined $err) {
diff -ur perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm perl-5.8.3/ext/Devel/PPPort/PPPort.pm
--- perl-5.8.3.orig/ext/Devel/PPPort/PPPort.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/Devel/PPPort/PPPort.pm Sun Jan 25 16:16:53 2004
@@ -349,13 +349,13 @@
}
if ($changes) {
- open(OUT,">/tmp/ppport.h.$$");
+ open(OUT,"ppport.h.$$");
print OUT $c;
close(OUT);
- open(DIFF, "diff -u $filename /tmp/ppport.h.$$|");
- while (<DIFF>) { s!/tmp/ppport\.h\.$$!$filename.patched!; print STDOUT; }
+ open(DIFF, "diff -u $filename ppport.h.$$|");
+ while (<DIFF>) { s!ppport\.h\.$$!$filename.patched!; print STDOUT; }
close(DIFF);
- unlink("/tmp/ppport.h.$$");
+ unlink("ppport.h.$$");
} else {
print "Looks OK\n";
}
diff -ur perl-5.8.3.orig/ext/IO/t/io_unix.t perl-5.8.3/ext/IO/t/io_unix.t
--- perl-5.8.3.orig/ext/IO/t/io_unix.t Tue Sep 30 17:10:17 2003
+++ perl-5.8.3/ext/IO/t/io_unix.t Sun Jan 25 16:17:43 2004
@@ -24,7 +24,7 @@
elsif ($^O eq 'os2') {
require IO::Socket;
- eval {IO::Socket::pack_sockaddr_un('/tmp/foo') || 1}
+ eval {IO::Socket::pack_sockaddr_un('/foo/bar') || 1}
or $@ !~ /not implemented/ or
$reason = 'compiled without TCP/IP stack v4';
} elsif ($^O =~ m/^(?:qnx|nto|vos)$/ ) {
@@ -37,7 +37,7 @@
}
}
-$PATH = "/tmp/sock-$$";
+$PATH = "sock-$$";
# Test if we can create the file within the tmp directory
if (-e $PATH or not open(TEST, ">$PATH") and $^O ne 'os2') {
diff -ur perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs perl-5.8.3/ext/ODBM_File/ODBM_File.xs
--- perl-5.8.3.orig/ext/ODBM_File/ODBM_File.xs Tue Sep 30 17:10:20 2003
+++ perl-5.8.3/ext/ODBM_File/ODBM_File.xs Mon Jan 19 21:55:54 2004
@@ -32,7 +32,7 @@
* Set DBM_BUG_DUPLICATE_FREE in the extension hint file.
*/
/* Close the previous dbm, and fail to open a new dbm */
-#define dbmclose() ((void) dbminit("/tmp/x/y/z/z/y"))
+#define dbmclose() ((void) dbminit("/nonexistent"))
#endif
#include <fcntl.h>
diff -ur perl-5.8.3.orig/ext/POSIX/POSIX.pod perl-5.8.3/ext/POSIX/POSIX.pod
--- perl-5.8.3.orig/ext/POSIX/POSIX.pod Tue Sep 30 17:10:22 2003
+++ perl-5.8.3/ext/POSIX/POSIX.pod Sun Jan 25 16:19:16 2004
@@ -417,9 +417,9 @@
uses file descriptors such as those obtained by calling C<POSIX::open>.
The following will determine the maximum length of the longest allowable
-pathname on the filesystem which holds C</tmp/foo>.
+pathname on the filesystem which holds C</var/foo>.
- $fd = POSIX::open( "/tmp/foo", &POSIX::O_RDONLY );
+ $fd = POSIX::open( "/var/foo", &POSIX::O_RDONLY );
$path_max = POSIX::fpathconf( $fd, &POSIX::_PC_PATH_MAX );
Returns C<undef> on failure.
@@ -919,7 +919,7 @@
Open a directory for reading.
- $dir = POSIX::opendir( "/tmp" );
+ $dir = POSIX::opendir( "/var" );
@files = POSIX::readdir( $dir );
POSIX::closedir( $dir );
@@ -930,9 +930,9 @@
Retrieves the value of a configurable limit on a file or directory.
The following will determine the maximum length of the longest allowable
-pathname on the filesystem which holds C</tmp>.
+pathname on the filesystem which holds C</var>.
- $path_max = POSIX::pathconf( "/tmp", &POSIX::_PC_PATH_MAX );
+ $path_max = POSIX::pathconf( "/var", &POSIX::_PC_PATH_MAX );
Returns C<undef> on failure.
diff -ur perl-5.8.3.orig/ext/Socket/Socket.pm perl-5.8.3/ext/Socket/Socket.pm
--- perl-5.8.3.orig/ext/Socket/Socket.pm Tue Sep 30 17:10:25 2003
+++ perl-5.8.3/ext/Socket/Socket.pm Mon Jan 19 20:14:11 2004
@@ -32,8 +32,8 @@
$proto = getprotobyname('tcp');
socket(Socket_Handle, PF_UNIX, SOCK_STREAM, $proto);
- unlink('/tmp/usock');
- $sun = sockaddr_un('/tmp/usock');
+ unlink('/var/run/usock');
+ $sun = sockaddr_un('/var/run/usock');
connect(Socket_Handle,$sun);
=head1 DESCRIPTION
diff -ur perl-5.8.3.orig/ext/Storable/Storable.pm perl-5.8.3/ext/Storable/Storable.pm
--- perl-5.8.3.orig/ext/Storable/Storable.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/ext/Storable/Storable.pm Sun Jan 25 16:24:24 2004
@@ -786,10 +786,10 @@
%color = ('Blue' => 0.1, 'Red' => 0.8, 'Black' => 0, 'White' => 1);
- store(\%color, '/tmp/colors') or die "Can't store %a in /tmp/colors!\n";
+ store(\%color, '/var/run/colors') or die "Can't store %a in /var/run/colors!\n";
- $colref = retrieve('/tmp/colors');
- die "Unable to retrieve from /tmp/colors!\n" unless defined $colref;
+ $colref = retrieve('/var/run/colors');
+ die "Unable to retrieve from /var/run/colors!\n" unless defined $colref;
printf "Blue is still %lf\n", $colref->{'Blue'};
$colref2 = dclone(\%color);
diff -ur perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL perl-5.8.3/ext/Time/HiRes/Makefile.PL
--- perl-5.8.3.orig/ext/Time/HiRes/Makefile.PL Tue Oct 28 20:35:51 2003
+++ perl-5.8.3/ext/Time/HiRes/Makefile.PL Sun Jan 25 16:27:01 2004
@@ -71,19 +71,11 @@
# without changing it, and then I'd always forget to change it before a
# release. Sorry, Edward :)
-sub TMPDIR {
- my $TMPDIR =
- (grep(defined $_ && -d $_ && -w _,
- ((defined $ENV{'TMPDIR'} ? $ENV{'TMPDIR'} : undef),
- qw(/var/tmp /usr/tmp /tmp c:/temp))))[0];
- $TMPDIR || die "Cannot find writable temporary directory.\n";
-}
-
sub try_compile_and_link {
my ($c, %args) = @_;
my ($ok) = 0;
- my ($tmp) = (($^O eq 'VMS') ? "sys\$scratch:tmp$$" : TMPDIR() . '/' . "tmp$$");
+ my ($tmp) = "tmp$$";
local(*TMPC);
my $obj_ext = $Config{obj_ext} || ".o";
diff -ur perl-5.8.3.orig/lib/CGI/Cookie.pm perl-5.8.3/lib/CGI/Cookie.pm
--- perl-5.8.3.orig/lib/CGI/Cookie.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/CGI/Cookie.pm Mon Jan 19 20:14:11 2004
@@ -407,7 +407,7 @@
You may also retrieve cookies that were stored in some external
form using the parse() class method:
- $COOKIES = `cat /usr/tmp/Cookie_stash`;
+ $COOKIES = `cat /var/run/www/Cookie_stash`;
%cookies = parse CGI::Cookie($COOKIES);
If you are in a mod_perl environment, you can save some overhead by
diff -ur perl-5.8.3.orig/lib/CGI.pm perl-5.8.3/lib/CGI.pm
--- perl-5.8.3.orig/lib/CGI.pm Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/CGI.pm Sun Jan 25 16:45:26 2004
@@ -2,6 +2,9 @@
require 5.004;
use Carp 'croak';
+# XXX: The temporary file handling implemented in here is crap. It should
+# be re-done making use of File::Temp.
+
# See the bottom of this file for the POD documentation. Search for the
# string '=head'.
diff -ur perl-5.8.3.orig/lib/CPAN.pm perl-5.8.3/lib/CPAN.pm
--- perl-5.8.3.orig/lib/CPAN.pm Tue Sep 30 17:10:44 2003
+++ perl-5.8.3/lib/CPAN.pm Sun Jan 25 16:46:02 2004
@@ -2273,7 +2273,7 @@
# If more accuracy is wanted/needed, Chris Leach sent me this patch...
# > *** /install/perl/live/lib/CPAN.pm- Wed Sep 24 13:08:48 1997
- # > --- /tmp/cp Wed Sep 24 13:26:40 1997
+ # > --- cp Wed Sep 24 13:26:40 1997
# > ***************
# > *** 1562,1567 ****
# > --- 1562,1580 ----
diff -ur perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm perl-5.8.3/lib/ExtUtils/MakeMaker.pm
--- perl-5.8.3.orig/lib/ExtUtils/MakeMaker.pm Fri Oct 31 22:03:49 2003
+++ perl-5.8.3/lib/ExtUtils/MakeMaker.pm Sun Jan 25 16:48:00 2004
@@ -1013,7 +1013,7 @@
The Makefile to be produced may be altered by adding arguments of the
form C<KEY=VALUE>. E.g.
- perl Makefile.PL PREFIX=/tmp/myperl5
+ perl Makefile.PL PREFIX=~/myperl5
Other interesting targets in the generated Makefile are
@@ -1355,13 +1355,13 @@
This is the root directory into which the code will be installed. It
I<prepends itself to the normal prefix>. For example, if your code
-would normally go into /usr/local/lib/perl you could set DESTDIR=/tmp/
-and installation would go into /tmp/usr/local/lib/perl.
+would normally go into /usr/local/lib/perl you could set DESTDIR=/other/
+and installation would go into /other/usr/local/lib/perl.
This is primarily of use for people who repackage Perl modules.
NOTE: Due to the nature of make, it is important that you put the trailing
-slash on your DESTDIR. "/tmp/" not "/tmp".
+slash on your DESTDIR. "/other/" not "/other".
=item DIR
diff -ur perl-5.8.3.orig/lib/ExtUtils/instmodsh perl-5.8.3/lib/ExtUtils/instmodsh
--- perl-5.8.3.orig/lib/ExtUtils/instmodsh Tue Sep 30 17:10:47 2003
+++ perl-5.8.3/lib/ExtUtils/instmodsh Mon Jan 19 20:14:11 2004
@@ -2,6 +2,7 @@
use strict;
use IO::File;
+use File::Temp;
use ExtUtils::Packlist;
use ExtUtils::Installed;
@@ -58,16 +59,12 @@
$reply =~ /^t\s*/ and do
{
my $file = (split(' ', $reply))[1];
- my $tmp = "/tmp/inst.$$";
- if (my $fh = IO::File->new($tmp, "w"))
- {
- $fh->print(join("\n", $Inst->files($module)));
- $fh->close();
- system("tar cvf $file -I $tmp");
- unlink($tmp);
- last CASE;
- }
- else { print("Can't open $file: $!\n"); }
+ my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
+ $fh->print(join("\n", $Inst->files($module)));
+ $fh->close();
+ # This used to use -I which is wrong for GNU tar.
+ system("tar cvf $file -T $tmp");
+ unlink($tmp);
last CASE;
};
$reply eq 'v' and do
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie.t perl-5.8.3/lib/Memoize/t/tie.t
--- perl-5.8.3.orig/lib/Memoize/t/tie.t Tue Sep 30 17:10:58 2003
+++ perl-5.8.3/lib/Memoize/t/tie.t Sun Jan 25 16:54:31 2004
@@ -29,14 +29,7 @@
$_[0]+1;
}
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import('tmpdir', 'catfile');
- $tmpdir = tmpdir();
-} else {
- *catfile = sub { join '/', @_ };
- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-}
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
@files = ($file, "$file.db", "$file.dir", "$file.pag");
1 while unlink @files;
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t perl-5.8.3/lib/Memoize/t/tie_gdbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_gdbm.t Tue Sep 30 17:10:58 2003
+++ perl-5.8.3/lib/Memoize/t/tie_gdbm.t Sun Jan 25 16:53:07 2004
@@ -26,13 +26,7 @@
print "1..4\n";
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('GDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t perl-5.8.3/lib/Memoize/t/tie_ndbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_ndbm.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_ndbm.t Sun Jan 25 16:53:56 2004
@@ -28,14 +28,7 @@
print "1..4\n";
-
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('Memoize::NDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t perl-5.8.3/lib/Memoize/t/tie_sdbm.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_sdbm.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_sdbm.t Sun Jan 25 16:52:33 2004
@@ -28,14 +28,7 @@
print "1..4\n";
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import('tmpdir', 'catfile');
- $tmpdir = tmpdir();
-} else {
- *catfile = sub { join '/', @_ };
- $tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-}
-$file = catfile($tmpdir, "md$$");
+$file = "md$$";
1 while unlink $file, "$file.dir", "$file.pag";
tryout('Memoize::SDBM_File', $file, 1); # Test 1..4
1 while unlink $file, "$file.dir", "$file.pag";
diff -ur perl-5.8.3.orig/lib/Memoize/t/tie_storable.t perl-5.8.3/lib/Memoize/t/tie_storable.t
--- perl-5.8.3.orig/lib/Memoize/t/tie_storable.t Tue Sep 30 17:10:59 2003
+++ perl-5.8.3/lib/Memoize/t/tie_storable.t Sun Jan 25 16:53:25 2004
@@ -33,14 +33,7 @@
print "1..4\n";
-
-if (eval {require File::Spec::Functions}) {
- File::Spec::Functions->import();
-} else {
- *catfile = sub { join '/', @_ };
-}
-$tmpdir = $ENV{TMP} || $ENV{TMPDIR} || '/tmp';
-$file = catfile($tmpdir, "storable$$");
+$file = "storable$$";
1 while unlink $file;
tryout('Memoize::Storable', $file, 1); # Test 1..4
1 while unlink $file;
diff -ur perl-5.8.3.orig/lib/Shell.pm perl-5.8.3/lib/Shell.pm
--- perl-5.8.3.orig/lib/Shell.pm Tue Sep 30 17:11:05 2003
+++ perl-5.8.3/lib/Shell.pm Mon Jan 19 20:14:11 2004
@@ -140,7 +140,7 @@
sub ps;
print ps -ww;
- cp("/etc/passwd", "/tmp/passwd");
+ cp("/etc/passwd", "/etc/passwd.orig");
That's maybe too gonzo. It actually exports an AUTOLOAD to the current
package (and uncovered a bug in Beta 3, by the way). Maybe the usual
diff -ur perl-5.8.3.orig/lib/dotsh.pl perl-5.8.3/lib/dotsh.pl
--- perl-5.8.3.orig/lib/dotsh.pl Tue Sep 30 17:11:16 2003
+++ perl-5.8.3/lib/dotsh.pl Mon Jan 19 20:14:11 2004
@@ -27,9 +27,9 @@
# dependent upon. These variables MUST be defined using shell syntax.
#
# Example:
-# &dotsh ('/tmp/foo', 'arg1');
-# &dotsh ('/tmp/foo');
-# &dotsh ('/tmp/foo arg1 ... argN');
+# &dotsh ('/foo/bar', 'arg1');
+# &dotsh ('/foo/bar');
+# &dotsh ('/foo/bar arg1 ... argN');
#
sub dotsh {
local(@sh) = @_;
@@ -54,19 +54,17 @@
}
}
if (length($vars) > 0) {
- system "$shell \"$vars;. $command $args; set > /tmp/_sh_env$$\"";
+ open (_SH_ENV, "$shell \"$vars && . $command $args && set \" |") || die;
} else {
- system "$shell \". $command $args; set > /tmp/_sh_env$$\"";
+ open (_SH_ENV, "$shell \". $command $args && set \" |") || die;
}
- open (_SH_ENV, "/tmp/_sh_env$$") || die "Could not open /tmp/_sh_env$$!\n";
while (<_SH_ENV>) {
chop;
m/^([^=]*)=(.*)/s;
$ENV{$1} = $2;
}
close (_SH_ENV);
- system "rm -f /tmp/_sh_env$$";
foreach $key (keys(%ENV)) {
$tmp .= "\$$key = \$ENV{'$key'};" if $key =~ /^[A-Za-z]\w*$/;
diff -ur perl-5.8.3.orig/lib/perl5db.pl perl-5.8.3/lib/perl5db.pl
--- perl-5.8.3.orig/lib/perl5db.pl Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/lib/perl5db.pl Mon Jan 19 20:14:11 2004
@@ -206,7 +206,7 @@
=item * noTTY
if set, goes in NonStop mode. On interrupt, if TTY is not set,
-uses the value of noTTY or "/tmp/perldbtty$$" to find TTY using
+uses the value of noTTY or "/var/run/perldbtty$$" to find TTY using
Term::Rendezvous. Current variant is to have the name of TTY in this
file.
@@ -5689,8 +5689,8 @@
else {
eval "require Term::Rendezvous;" or die;
# See if we have anything to pass to Term::Rendezvous.
- # Use /tmp/perldbtty$$ if not.
- my $rv = $ENV{PERLDB_NOTTY} || "/tmp/perldbtty$$";
+ # Use /var/run/perldbtty$$ if not.
+ my $rv = $ENV{PERLDB_NOTTY} || "/var/run/perldbtty$$";
# Rendezvous and get the filehandles.
my $term_rv = new Term::Rendezvous $rv;
diff -ur perl-5.8.3.orig/mpeix/nm perl-5.8.3/mpeix/nm
--- perl-5.8.3.orig/mpeix/nm Tue Sep 30 17:11:39 2003
+++ perl-5.8.3/mpeix/nm Sun Jan 25 16:55:26 2004
@@ -22,12 +22,12 @@
# I wanted to pipe this into awk, but it fell victim to a known pipe/streams
# bug on my multiprocessor machine.
-callci xeq linkedit.pub.sys \"$LIST\" >/tmp/nm.$$
+callci xeq linkedit.pub.sys \"$LIST\" >nm.$$
/bin/awk '\
/ data univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$5,"extern","data","?"} \
- / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' /tmp/nm.$$
+ / entry univ / { printf "%-20s|%10s|%-6s|%-7s|%s\n",$1,$7,"extern","entry","?"}' nm.$$
-rm -f /tmp/nm.$$
+rm -f nm.$$
exit 0
diff -ur perl-5.8.3.orig/mpeix/relink perl-5.8.3/mpeix/relink
--- perl-5.8.3.orig/mpeix/relink Tue Sep 30 17:11:39 2003
+++ perl-5.8.3/mpeix/relink Sun Jan 25 16:55:44 2004
@@ -14,7 +14,7 @@
echo "Creating $RAND.sl...\n"
-TEMP=/tmp/perlmpe.$$
+TEMP=perlmpe.$$
rm -f $TEMP $RAND.a $RAND.sl
diff -ur perl-5.8.3.orig/perly.fixer perl-5.8.3/perly.fixer
--- perl-5.8.3.orig/perly.fixer Tue Sep 30 17:11:42 2003
+++ perl-5.8.3/perly.fixer Mon Jan 19 20:14:11 2004
@@ -23,7 +23,7 @@
input=$1
output=$2
-tmp=/tmp/f$$
+tmp=perly$$
inputh=`echo $input|sed 's:\.c$:.h:'`
if grep '^#ifdef PERL_CORE' $inputh; then
diff -ur perl-5.8.3.orig/pod/perl571delta.pod perl-5.8.3/pod/perl571delta.pod
--- perl-5.8.3.orig/pod/perl571delta.pod Tue Sep 30 17:11:44 2003
+++ perl-5.8.3/pod/perl571delta.pod Sun Jan 25 16:57:40 2004
@@ -771,17 +771,17 @@
If your file system supports symbolic links you can build Perl outside
of the source directory by
- mkdir /tmp/perl/build/directory
- cd /tmp/perl/build/directory
+ mkdir perl/build/directory
+ cd perl/build/directory
sh /path/to/perl/source/Configure -Dmksymlinks ...
-This will create in /tmp/perl/build/directory a tree of symbolic links
+This will create in perl/build/directory a tree of symbolic links
pointing to files in /path/to/perl/source. The original files are left
unaffected. After Configure has finished you can just say
make all test
-and Perl will be built and tested, all in /tmp/perl/build/directory.
+and Perl will be built and tested, all in perl/build/directory.
=back
diff -ur perl-5.8.3.orig/pod/perl58delta.pod perl-5.8.3/pod/perl58delta.pod
--- perl-5.8.3.orig/pod/perl58delta.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perl58delta.pod Sun Jan 25 16:58:03 2004
@@ -1905,17 +1905,17 @@
If your file system supports symbolic links, you can build Perl outside
of the source directory by
- mkdir /tmp/perl/build/directory
- cd /tmp/perl/build/directory
+ mkdir perl/build/directory
+ cd perl/build/directory
sh /path/to/perl/source/Configure -Dmksymlinks ...
-This will create in /tmp/perl/build/directory a tree of symbolic links
+This will create in perl/build/directory a tree of symbolic links
pointing to files in /path/to/perl/source. The original files are left
unaffected. After Configure has finished, you can just say
make all test
-and Perl will be built and tested, all in /tmp/perl/build/directory.
+and Perl will be built and tested, all in perl/build/directory.
[561]
=item *
diff -ur perl-5.8.3.orig/pod/perldbmfilter.pod perl-5.8.3/pod/perldbmfilter.pod
--- perl-5.8.3.orig/pod/perldbmfilter.pod Tue Sep 30 17:11:45 2003
+++ perl-5.8.3/pod/perldbmfilter.pod Mon Jan 19 20:14:11 2004
@@ -91,7 +91,7 @@
use Fcntl ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
my $db = tie(%hash, 'SDBM_File', $filename, O_RDWR|O_CREAT, 0640)
@@ -137,7 +137,7 @@
use warnings ;
use DB_File ;
my %hash ;
- my $filename = "/tmp/filt" ;
+ my $filename = "/var/run/filt" ;
unlink $filename ;
diff -ur perl-5.8.3.orig/pod/perldebug.pod perl-5.8.3/pod/perldebug.pod
--- perl-5.8.3.orig/pod/perldebug.pod Tue Sep 30 17:11:45 2003
+++ perl-5.8.3/pod/perldebug.pod Mon Jan 19 20:14:11 2004
@@ -700,7 +700,7 @@
with two methods: C<IN> and C<OUT>. These should return filehandles to use
for debugging input and output correspondingly. The C<new> method should
inspect an argument containing the value of C<$ENV{PERLDB_NOTTY}> at
-startup, or C<"/tmp/perldbtty$$"> otherwise. This file is not
+startup, or C<"/var/run/perldbtty$$"> otherwise. This file is not
inspected for proper ownership, so security hazards are theoretically
possible.
diff -ur perl-5.8.3.orig/pod/perlfaq5.pod perl-5.8.3/pod/perlfaq5.pod
--- perl-5.8.3.orig/pod/perlfaq5.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlfaq5.pod Sun Jan 25 16:59:15 2004
@@ -141,6 +141,7 @@
my $count = 0;
until (defined(fileno(FH)) || $count++ > 100) {
$base_name =~ s/-(\d+)$/"-" . (1 + $1)/e;
+ # O_EXCL is required for security reasons.
sysopen(FH, $base_name, O_WRONLY|O_EXCL|O_CREAT);
}
if (defined(fileno(FH))
@@ -427,8 +428,8 @@
To open a file without blocking, creating if necessary:
- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT)
- or die "can't open /tmp/somefile: $!":
+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT)
+ or die "can't open /foo/somefile: $!":
Be warned that neither creation nor deletion of files is guaranteed to
be an atomic operation over NFS. That is, two processes might both
@@ -924,7 +925,7 @@
If you check L<perlfunc/open>, you'll see that several of the ways
to call open() should do the trick. For example:
- open(LOG, ">>/tmp/logfile");
+ open(LOG, ">>/foo/logfile");
open(STDERR, ">&LOG");
Or even with a literal numeric descriptor:
diff -ur perl-5.8.3.orig/pod/perlfaq8.pod perl-5.8.3/pod/perlfaq8.pod
--- perl-5.8.3.orig/pod/perlfaq8.pod Tue Sep 30 17:11:46 2003
+++ perl-5.8.3/pod/perlfaq8.pod Mon Jan 19 20:14:11 2004
@@ -749,10 +749,10 @@
while (<PH>) { } # plus a read
To read both a command's STDOUT and its STDERR separately, it's easiest
-and safest to redirect them separately to files, and then read from those
-files when the program is done:
+to redirect them separately to files, and then read from those files
+when the program is done:
- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr");
+ system("program args 1>program.stdout 2>program.stderr");
Ordering is important in all these examples. That's because the shell
processes file descriptor redirections in strictly left to right order.
@@ -1063,8 +1063,8 @@
sysopen():
use Fcntl;
- sysopen(FH, "/tmp/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644)
- or die "can't open /tmp/somefile: $!":
+ sysopen(FH, "/foo/somefile", O_WRONLY|O_NDELAY|O_CREAT, 0644)
+ or die "can't open /foo/somefile: $!":
=head2 How do I install a module from CPAN?
diff -ur perl-5.8.3.orig/pod/perlfunc.pod perl-5.8.3/pod/perlfunc.pod
--- perl-5.8.3.orig/pod/perlfunc.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlfunc.pod Mon Jan 19 20:14:11 2004
@@ -2928,7 +2928,7 @@
open(ARTICLE, "caesar <$article |") # ditto
or die "Can't start caesar: $!";
- open(EXTRACT, "|sort >/tmp/Tmp$$") # $$ is our process id
+ open(EXTRACT, "|sort >Tmp$$") # $$ is our process id
or die "Can't start sort: $!";
# in memory files
diff -ur perl-5.8.3.orig/pod/perlipc.pod perl-5.8.3/pod/perlipc.pod
--- perl-5.8.3.orig/pod/perlipc.pod Tue Sep 30 17:11:48 2003
+++ perl-5.8.3/pod/perlipc.pod Mon Jan 19 20:14:11 2004
@@ -1030,7 +1030,7 @@
use strict;
my ($rendezvous, $line);
- $rendezvous = shift || '/tmp/catsock';
+ $rendezvous = shift || 'catsock';
socket(SOCK, PF_UNIX, SOCK_STREAM, 0) || die "socket: $!";
connect(SOCK, sockaddr_un($rendezvous)) || die "connect: $!";
while (defined($line = <SOCK>)) {
@@ -1051,7 +1051,7 @@
sub spawn; # forward declaration
sub logmsg { print "$0 $$: @_ at ", scalar localtime, "\n" }
- my $NAME = '/tmp/catsock';
+ my $NAME = 'catsock';
my $uaddr = sockaddr_un($NAME);
my $proto = getprotobyname('tcp');
diff -ur perl-5.8.3.orig/pod/perllexwarn.pod perl-5.8.3/pod/perllexwarn.pod
--- perl-5.8.3.orig/pod/perllexwarn.pod Tue Sep 30 17:11:48 2003
+++ perl-5.8.3/pod/perllexwarn.pod Sun Jan 25 17:02:14 2004
@@ -381,9 +381,9 @@
sub open {
my $path = shift ;
if ($path !~ m#^/#) {
- warnings::warn("changing relative path to /tmp/")
+ warnings::warn("changing relative path to /var/abc")
if warnings::enabled();
- $path = "/tmp/$path" ;
+ $path = "/var/abc/$path";
}
}
diff -ur perl-5.8.3.orig/pod/perlobj.pod perl-5.8.3/pod/perlobj.pod
--- perl-5.8.3.orig/pod/perlobj.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlobj.pod Mon Jan 19 20:14:11 2004
@@ -535,15 +535,15 @@
warn "time to die...";
exit;
-When run as F</tmp/test>, the following output is produced:
+When run as F</foo/test>, the following output is produced:
- starting program at /tmp/test line 18.
- CREATING SCALAR(0x8e5b8) at /tmp/test line 7.
- CREATING SCALAR(0x8e57c) at /tmp/test line 7.
- leaving block at /tmp/test line 23.
- DESTROYING Subtle=SCALAR(0x8e5b8) at /tmp/test line 13.
- just exited block at /tmp/test line 26.
- time to die... at /tmp/test line 27.
+ starting program at /foo/test line 18.
+ CREATING SCALAR(0x8e5b8) at /foo/test line 7.
+ CREATING SCALAR(0x8e57c) at /foo/test line 7.
+ leaving block at /foo/test line 23.
+ DESTROYING Subtle=SCALAR(0x8e5b8) at /foo/test line 13.
+ just exited block at /foo/test line 26.
+ time to die... at /foo/test line 27.
DESTROYING Subtle=SCALAR(0x8e57c) during global destruction.
Notice that "global destruction" bit there? That's the thread
diff -ur perl-5.8.3.orig/pod/perlop.pod perl-5.8.3/pod/perlop.pod
--- perl-5.8.3.orig/pod/perlop.pod Mon Jan 19 18:46:25 2004
+++ perl-5.8.3/pod/perlop.pod Mon Jan 19 20:14:11 2004
@@ -1160,10 +1160,10 @@
$output = `cmd 3>&1 1>&2 2>&3 3>&-`;
To read both a command's STDOUT and its STDERR separately, it's easiest
-and safest to redirect them separately to files, and then read from those
-files when the program is done:
+to redirect them separately to files, and then read from those files
+when the program is done:
- system("program args 1>/tmp/program.stdout 2>/tmp/program.stderr");
+ system("program args 1>program.stdout 2>program.stderr");
Using single-quote as a delimiter protects the command from Perl's
double-quote interpolation, passing it on to the shell instead:
diff -ur perl-5.8.3.orig/pod/perlopentut.pod perl-5.8.3/pod/perlopentut.pod
--- perl-5.8.3.orig/pod/perlopentut.pod Tue Sep 30 17:11:49 2003
+++ perl-5.8.3/pod/perlopentut.pod Mon Jan 19 20:14:11 2004
@@ -192,11 +192,11 @@
open(WTMP, "+< /usr/adm/wtmp")
|| die "can't open /usr/adm/wtmp: $!";
- open(SCREEN, "+> /tmp/lkscreen")
- || die "can't open /tmp/lkscreen: $!";
+ open(SCREEN, "+> lkscreen")
+ || die "can't open lkscreen: $!";
- open(LOGFILE, "+>> /tmp/applog"
- || die "can't open /tmp/applog: $!";
+ open(LOGFILE, "+>> /var/log/applog"
+ || die "can't open /var/log/applog: $!";
The first one won't create a new file, and the second one will always
clobber an old one. The third one will create a new file if necessary
diff -ur perl-5.8.3.orig/utils/c2ph.PL perl-5.8.3/utils/c2ph.PL
--- perl-5.8.3.orig/utils/c2ph.PL Tue Sep 30 17:12:10 2003
+++ perl-5.8.3/utils/c2ph.PL Mon Jan 19 20:18:11 2004
@@ -280,6 +280,7 @@
$RCSID = '$Id: c2ph,v 1.7 95/10/28 10:41:47 tchrist Exp Locker: tchrist $';
+use File::Temp;
######################################################################
@@ -480,6 +481,13 @@
printf "%-16s%-15s %s\n", $var, eval "\$$var", $msg;
}
+sub safedir {
+ $SAFEDIR = File::Temp::tempdir("c2ph.XXXXXX", TMPDIR => 1, CLEANUP => 1)
+ unless (defined($SAFEDIR));
+}
+
+undef $SAFEDIR;
+
$recurse = 1;
if (@ARGV) {
@@ -495,15 +503,15 @@
}
elsif (@ARGV == 1 && $ARGV[0] =~ /\.c$/) {
local($dir, $file) = $ARGV[0] =~ m#(.*/)?(.*)$#;
- $chdir = "cd $dir; " if $dir;
+ $chdir = "cd $dir && " if $dir;
&system("$chdir$CC $CFLAGS $DEFINES $file") && exit 1;
$ARGV[0] =~ s/\.c$/.s/;
}
else {
- $TMPDIR = tempdir(CLEANUP => 1);
- $TMP = "$TMPDIR/c2ph.$$.c";
+ &safedir;
+ $TMP = "$SAFEDIR/c2ph.$$.c";
&system("cat @ARGV > $TMP") && exit 1;
- &system("cd $TMPDIR; $CC $CFLAGS $DEFINES $TMP") && exit 1;
+ &system("cd $SAFEDIR && $CC $CFLAGS $DEFINES $TMP") && exit 1;
unlink $TMP;
$TMP =~ s/\.c$/.s/;
@ARGV = ($TMP);
@@ -1274,8 +1282,8 @@
}
sub compute_intrinsics {
- $TMPDIR ||= tempdir(CLEANUP => 1);
- local($TMP) = "$TMPDIR/c2ph-i.$$.c";
+ &safedir;
+ local($TMP) = "$SAFEDIR/c2ph-i.$$.c";
open (TMP, ">$TMP") || die "can't open $TMP: $!";
select(TMP);
@@ -1303,7 +1311,7 @@
close TMP;
select(STDOUT);
- open(PIPE, "cd $TMPDIR && $CC $TMP && $TMPDIR/a.out|");
+ open(PIPE, "cd $SAFEDIR && $CC $TMP && $SAFEDIR/a.out|");
while (<PIPE>) {
chop;
split(' ',$_,2);;
@@ -1312,7 +1320,7 @@
$intrinsics{$_[1]} = $template{$_[0]};
}
close(PIPE) || die "couldn't read intrinsics!";
- unlink($TMP, '$TMPDIR/a.out');
+ unlink($TMP, '$SAFEDIR/a.out');
print STDERR "done\n" if $trace;
}
diff -ur perl-5.8.3.orig/utils/perlbug.PL perl-5.8.3/utils/perlbug.PL
--- perl-5.8.3.orig/utils/perlbug.PL Tue Sep 30 17:12:10 2003
+++ perl-5.8.3/utils/perlbug.PL Mon Jan 19 20:14:11 2004
@@ -78,7 +78,7 @@
print OUT <<'!NO!SUBS!';
use Config;
-use File::Spec; # keep perlbug Perl 5.005 compatible
+use File::Temp;
use Getopt::Std;
use strict;
@@ -958,10 +958,9 @@
}
sub filename {
- my $dir = File::Spec->tmpdir();
- $filename = "bugrep0$$";
- $filename++ while -e File::Spec->catfile($dir, $filename);
- $filename = File::Spec->catfile($dir, $filename);
+ my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
+ close($fh);
+ return $filename;
}
sub paraprint {
|
From @iabynOn Mon, Jan 26, 2004 at 01:22:18AM +0300, Solar Designer wrote:
Thanks, applied to bleedperl as change #22255, except for the following: Many systems don't have a /var/run directory, or it is only writeable by root; ext/DB_File/DB_File.pm ext/ODBM_File/ODBM_File.xs lib/CGI.pm +# XXX: The temporary file handling implemented in here is crap. It should lib/CPAN.pm # If more accuracy is wanted/needed, Chris Leach sent me this patch... lib/ExtUtils/instmodsh lib/perl5db.pl utils/perlbug.PL This is designed to run on old 5.005 syststems, and as such it can't -- |
From @iabynOn Sun, Feb 01, 2004 at 11:40:05PM +0300, Solar Designer wrote:
I'm hoping that will be Someone Else's Problem.
I suspect that whole patch-in-a-comment can probably be removed, judging
Because someone trying but failing to install a newer version of /usr/bin/old-working-perl newperl-installdir/bin/perlbug ... But yes, it needs fixing somehow. -- |
From solar@openwall.comOn Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote:
Thank you! My comments on the non-applied changes below:
OK.
OK.
OK, but it does need to be re-worked! The current code is insecure. I don't think it can be fixed without changing user-visible interfaces,
OK, although not having "/tmp" there would save me and others a few
Great!
OK.
Hmm. Perhaps I am missing something, but why does the version of Thanks again, -- |
From @nwc10On Sun, Feb 01, 2004 at 09:18:16PM +0000, Dave Mitchell wrote:
Also you may run perlbug like that if you have more than one version of perl From memory, I think that that the intent of specific patch hunk could be Nicholas Clark |
From @nwc10On Wed, Feb 04, 2004 at 10:59:27PM +0000, Nicholas Clark wrote:
I made the appended change. Nicholas Clark Change 22407 by nicholas@faith on 2004/02/28 16:10:20 Use File::Temp for tempfiles if it is available. Affected files ... ... //depot/perl/utils/perlbug.PL#45 edit Differences ... ==== //depot/perl/utils/perlbug.PL#45 (text) ==== @@ -89,9 +89,12 @@ -my $Version = "1.34"; # Changed in 1.06 to skip Mail::Send and Mail::Util if not available. # TODO: - Allow the user to re-name the file on mail failure, and sub filename { sub paraprint { |
From @nwc10On Sun, Feb 01, 2004 at 03:41:34PM +0000, Dave Mitchell wrote:
Change 22258 by davem@davem-percy on 2004/02/01 17:40:02 Subject: Re: [perl #15063] /tmp issues Remove insecure usage of /tmp from code and documentation Affected files ... ... //depot/perl/ext/DB_File/DB_File.pm#48 edit This touches quite a few dual life modules maintained outside the core, yet [I was about to merge it to maint then had second thoughts because of this] Nicholas Clark |
From @iabynOn Sat, Feb 28, 2004 at 05:06:51PM +0000, Nicholas Clark wrote:
I applied this patch when I was still in a state of blissful ignorance about Dave. -- |
From @nwc10On Sat, Feb 28, 2004 at 05:39:33PM +0000, Dave Mitchell wrote:
I think the combination is what Rafael said should be done. Certainly the Given that I'm trying to get a maint snapshot out this weekend, I'd be happy Nicholas Clark |
From @smpeters
Change 22409 by davem@davem-percy on 2004/02/28 23:29:10 Bump version numbers of moules affected by change #22258 Done. |
|
@smpeters - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#15063 (status was 'resolved')
Searchable as RT15063$
The text was updated successfully, but these errors were encountered: