GNU bug report logs - #15522
gzcmp/gzdiff + gznew shell scripts use temporary files unsafely

Package: gzip;

Reported by: Rich Burridge <rich.burridge <at> oracle.com>

Date: Fri, 4 Oct 2013 00:21:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

From: Rich Burridge <rich.burridge <at> oracle.com>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 15522 <at> debbugs.gnu.org
Subject: bug#15522: gzcmp/gzdiff + gznew shell scripts use temporary files unsafely
Date: Thu, 03 Oct 2013 19:37:13 -0700

On 10/03/2013 06:47 PM, Paul Eggert wrote:
> Rich Burridge wrote:
>> it would be better for these commands to use mktemp
> That was done in gzip 1.3.10, released 2006-12-30.
> Is this not working for you?  If not, why not?

I can see mktemp usage in gzexe.in and zdiff.in, but the Solaris bug report
was suggesting the same sort of thing should be done in:

zdiff.in:

    else
      set -C
      tmp=${TMPDIR-/tmp}/$F.$$
    fi
    gzip -cdfq -- "$2" > "$tmp" || exit 2

and znew.in:

    set -C
    echo hi > $tmp || exit
    if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then

Sorry, I probably confused things by giving their Solaris g<name> names,
and by stating that gzcmp and gzdiff were hard-linked without actually checking
(because that's no longer true in the latest versions of the gzip distribution).
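
The two temporary-file patterns discussed in this message, side by side, as an added example that is not part of the original message or of gzip's scripts: the `$F.$$` name under `set -C` from the quoted zdiff.in lines, and a `mktemp`-based replacement. The function names and the name-collision scenario are constructed for illustration.

```shell
#!/bin/sh
# Added example, not gzip's code. Function names are hypothetical.

# Pattern from the quoted zdiff.in lines: <dir>/<base>.<PID>. The PID is
# visible to every local user, so the name is known before it is created.
legacy_tmp_name() {            # $1 = base ($F in zdiff.in), $2 = directory
    printf '%s/%s.%s\n' "$2" "$1" "$$"
}

# Redirect stdin into $1 under noclobber (set -C), as both quoted scripts
# do. Runs in a subshell so the option does not leak to the caller.
# Returns non-zero if $1 already exists.
write_noclobber() {
    ( set -C; cat > "$1" ) 2>/dev/null
}

# mktemp-based replacement: random suffix, created atomically, mode 0600.
safe_tmp_create() {            # $1 = base, $2 = directory; prints the path
    mktemp "$2/$1.XXXXXXXXXX"
}

# Constructed scenario: the predictable name is already taken when the
# script starts. Prints one summary line.
demo() {
    dir=$(mktemp -d) || return 2
    guess=$(legacy_tmp_name zdiff "$dir")
    echo "pre-existing" > "$guess"          # name collision (constructed)

    if echo data | write_noclobber "$guess"; then legacy=written
    else legacy=refused; fi                 # zdiff would `exit 2` here
    kept=$(cat "$guess")                    # existing content is untouched

    tmp=$(safe_tmp_create zdiff "$dir") || { rm -rf "$dir"; return 2; }
    echo data > "$tmp"
    mode=$(ls -ld "$tmp" | cut -c1-10)
    [ "$tmp" != "$guess" ] && unique=yes || unique=no

    rm -rf "$dir"
    echo "legacy=$legacy kept=$kept unique=$unique mode=$mode"
}

demo
```

With `set -C` the pre-existing file is not overwritten, but the script can still be made to fail by anyone who takes the predictable name first; the `mktemp` path is unaffected by the collision.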






This bug report was last modified 11 years and 254 days ago.
