head 1.1; access; symbols OPENPKG_E1_MP_HEAD:1.1 OPENPKG_E1_MP:1.1 OPENPKG_E1_MP_2_STABLE:1.1 OPENPKG_E1_FP:1.1 OPENPKG_2_STABLE_20061018:1.1 OPENPKG_2_STABLE:1.1.0.10 OPENPKG_2_STABLE_BP:1.1 OPENPKG_2_5_SOLID:1.1.0.8 OPENPKG_2_5_SOLID_BP:1.1 OPENPKG_2_4_RELEASE:1.1 OPENPKG_2_4_SOLID:1.1.0.6 OPENPKG_2_4_SOLID_BP:1.1 OPENPKG_2_2_SOLID:1.1.0.4 OPENPKG_2_3_SOLID:1.1.0.2; locks; strict; comment @# @; 1.1 date 2005.06.15.11.19.52; author rse; state dead; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2005.06.15.11.19.52; author rse; state Exp; branches; next ; 1.1.4.1 date 2005.06.15.11.22.24; author rse; state Exp; branches; next ; desc @@ 1.1 log @file shtool.patch was initially added on branch OPENPKG_2_3_SOLID. @ text @@ 1.1.4.1 log @Apply Security Fixes (CAN-2005-1751, CAN-2005-1759) @ text @a0 109 Index: sh.common --- sh.common 7 Apr 2004 07:55:02 -0000 1.23 +++ sh.common 15 Jun 2005 08:11:16 -0000 1.24 @@@@ -161,6 +161,7 @@@@ # establish a temporary file on request if [ ".$gen_tmpfile" = .yes ]; then + # create (explicitly) secure temporary directory if [ ".$TMPDIR" != . ]; then tmpdir="$TMPDIR" elif [ ".$TEMPDIR" != . ]; then @@@@ -168,10 +169,19 @@@@ else tmpdir="/tmp" fi - tmpfile="$tmpdir/.shtool.$$" - rm -f $tmpfile >/dev/null 2>&1 - touch $tmpfile - chmod 600 $tmpfile + tmpdir="$tmpdir/.shtool.$$" + ( umask 077 + rm -rf "$tmpdir" >/dev/null 2>&1 || true + mkdir "$tmpdir" >/dev/null 2>&1 + if [ $? 
-ne 0 ]; then + echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2 + exit 1 + fi + ) + + # create (implicitly) secure temporary file + tmpfile="$tmpdir/shtool.tmp" + touch "$tmpfile" fi # utility function: map string to lower case @@@@ -188,7 +198,7 @@@@ shtool_exit () { rc="$1" if [ ".$gen_tmpfile" = .yes ]; then - rm -f $tmpfile >/dev/null 2>&1 || true + rm -rf "$tmpdir" >/dev/null 2>&1 || true fi exit $rc } Index: sh.arx --- sh.arx 12 Feb 2004 16:06:26 -0000 1.21 +++ sh.arx 15 Jun 2005 08:11:16 -0000 1.22 @@@@ -34,7 +34,7 @@@@ files="$*" # walk through the file list and expand archives members -tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` +ar_tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` nfiles='' if [ ".$files" != . ]; then for file in $files; do @@@@ -44,13 +44,13 @@@@ fi case $file in *.a ) - if [ ! -d $tmpdir ]; then + if [ ! -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "mkdir $tmpdir" 1>&2 + echo "mkdir $ar_tmpdir" 1>&2 fi - mkdir $tmpdir + mkdir $ar_tmpdir fi - case $tmpdir in + case $ar_tmpdir in .arx ) from="../$file" ;; @@@@ -61,16 +61,16 @@@@ ;; esac if [ ".$opt_t" = .yes ]; then - echo "(cd $tmpdir && $ar_prg x $from)" 1>&2 + echo "(cd $ar_tmpdir && $ar_prg x $from)" 1>&2 fi - (cd $tmpdir && eval $ar_prg x $from) + (cd $ar_tmpdir && eval $ar_prg x $from) if [ $? 
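Review bot: The `exit 1` on the mkdir failure path in the new sh.common block runs inside the `( umask 077 ... )` subshell, so it terminates only the subshell; the parent script never inspects the subshell's status and continues to `tmpfile="$tmpdir/shtool.tmp"; touch "$tmpfile"`. If `mkdir "$tmpdir"` failed because someone else created the predictably named `.shtool.$$` entry first, the temporary file is then created inside a directory the script does not own, which is precisely the condition this fix is meant to rule out. Propagate the failure to the parent, e.g. change the closing `)` to `) || exit 1`, or perform the `umask 077` in the main shell (saving and restoring the previous mask) so the existing `exit 1` actually aborts the script. The identical block appears again in the 1.1.2.1 revision of this file and needs the same change. The enclosing `if [ ".$gen_tmpfile" = .yes ]` block closes within the hunk, but the surrounding sh.common script continues outside it.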
-ne 0 ]; then echo "$msgprefix:Error: member extraction failed for archive: $file" 1>&2 shtool_exit 1 fi for member in - `eval $ar_prg t $file | sed -e '/_\.SYMDEF/d'`; do [ ".$member" = .- ] && continue - nfiles="$nfiles $tmpdir/$member" + nfiles="$nfiles $ar_tmpdir/$member" done ;; * ) @@@@ -91,11 +91,11 @@@@ fi # cleanup and die gracefully -if [ -d $tmpdir ]; then +if [ -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "rm -rf $tmpdir" 1>&2 + echo "rm -rf $ar_tmpdir" 1>&2 fi - rm -rf $tmpdir + rm -rf $ar_tmpdir fi shtool_exit 0 @ 1.1.2.1 log @Apply Security Fixes (CAN-2005-1751, CAN-2005-1759) @ text @a0 109 Index: sh.common --- sh.common 7 Apr 2004 07:55:02 -0000 1.23 +++ sh.common 15 Jun 2005 08:11:16 -0000 1.24 @@@@ -161,6 +161,7 @@@@ # establish a temporary file on request if [ ".$gen_tmpfile" = .yes ]; then + # create (explicitly) secure temporary directory if [ ".$TMPDIR" != . ]; then tmpdir="$TMPDIR" elif [ ".$TEMPDIR" != . ]; then @@@@ -168,10 +169,19 @@@@ else tmpdir="/tmp" fi - tmpfile="$tmpdir/.shtool.$$" - rm -f $tmpfile >/dev/null 2>&1 - touch $tmpfile - chmod 600 $tmpfile + tmpdir="$tmpdir/.shtool.$$" + ( umask 077 + rm -rf "$tmpdir" >/dev/null 2>&1 || true + mkdir "$tmpdir" >/dev/null 2>&1 + if [ $? 
-ne 0 ]; then + echo "$msgprefix:Error: failed to create temporary directory \`$tmpdir'" 1>&2 + exit 1 + fi + ) + + # create (implicitly) secure temporary file + tmpfile="$tmpdir/shtool.tmp" + touch "$tmpfile" fi # utility function: map string to lower case @@@@ -188,7 +198,7 @@@@ shtool_exit () { rc="$1" if [ ".$gen_tmpfile" = .yes ]; then - rm -f $tmpfile >/dev/null 2>&1 || true + rm -rf "$tmpdir" >/dev/null 2>&1 || true fi exit $rc } Index: sh.arx --- sh.arx 12 Feb 2004 16:06:26 -0000 1.21 +++ sh.arx 15 Jun 2005 08:11:16 -0000 1.22 @@@@ -34,7 +34,7 @@@@ files="$*" # walk through the file list and expand archives members -tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` +ar_tmpdir=`echo $archive | sed -e 's;[^/]*$;.arx;'` nfiles='' if [ ".$files" != . ]; then for file in $files; do @@@@ -44,13 +44,13 @@@@ fi case $file in *.a ) - if [ ! -d $tmpdir ]; then + if [ ! -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "mkdir $tmpdir" 1>&2 + echo "mkdir $ar_tmpdir" 1>&2 fi - mkdir $tmpdir + mkdir $ar_tmpdir fi - case $tmpdir in + case $ar_tmpdir in .arx ) from="../$file" ;; @@@@ -61,16 +61,16 @@@@ ;; esac if [ ".$opt_t" = .yes ]; then - echo "(cd $tmpdir && $ar_prg x $from)" 1>&2 + echo "(cd $ar_tmpdir && $ar_prg x $from)" 1>&2 fi - (cd $tmpdir && eval $ar_prg x $from) + (cd $ar_tmpdir && eval $ar_prg x $from) if [ $? -ne 0 ]; then echo "$msgprefix:Error: member extraction failed for archive: $file" 1>&2 shtool_exit 1 fi for member in - `eval $ar_prg t $file | sed -e '/_\.SYMDEF/d'`; do [ ".$member" = .- ] && continue - nfiles="$nfiles $tmpdir/$member" + nfiles="$nfiles $ar_tmpdir/$member" done ;; * ) @@@@ -91,11 +91,11 @@@@ fi # cleanup and die gracefully -if [ -d $tmpdir ]; then +if [ -d $ar_tmpdir ]; then if [ ".$opt_t" = .yes ]; then - echo "rm -rf $tmpdir" 1>&2 + echo "rm -rf $ar_tmpdir" 1>&2 fi - rm -rf $tmpdir + rm -rf $ar_tmpdir fi shtool_exit 0 @