pool/emacs
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1a2fc1955e
emacs/emacs-23.1-rst.patch

91 lines
3.4 KiB
Diff
Raw Normal View History

. OBS-URL: https://build.opensuse.org/package/show/editors/emacs?expand=0&rev=37
2010-10-06 12:02:10 +02:00
Description: Patch to fix temporary file vulnerability
My approach is based on the premise that the make-temp-file function
provided from Emacs 22 onwards is safe. So, I backport the method to
the rst.el file, and bind it to the symbol rst--make-temp-file as
follows:
- If the Emacs version is less than 22, use this custom version. This
works on Emacs 21, I tested it.
- If the Emacs version is 22 or more, bind rst--make-temp-file to the
make-temp-fil provided in the Emacs Lisp libraries.
I don't see a solution for removing the temporary files, though.
I am no expert on security or Emacs Lisp, but I hope this patch
provides a start.
Author: Kumar Appaiah <akumar@debian.org>
Addopted due bug bnc#642787 for emacs 23.1 by Werner Fink <werner@suse.de>
---
rst.el | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 46 insertions(+), 2 deletions(-)
--- lisp/textmodes/rst.el
+++ lisp/textmodes/rst.el 2010-10-06 09:50:28.779926181 +0000
@@ -3297,10 +3297,54 @@ or of the entire buffer, if the region i
(defvar rst-pdf-program "xpdf"
"Program used to preview PDF files.")
+(if (> emacs-major-version 22)
+ (defalias 'rst--make-temp-file 'make-temp-file)
+ (defvar temporary-file-directory)
+ (defun rst--make-temp-file (prefix &optional dir-flag suffix)
+ "Create a temporary file.
+The returned file name (created by appending some random characters at the end
+of PREFIX, and expanding against `temporary-file-directory' if necessary),
+is guaranteed to point to a newly created empty file.
+You can then use `write-region' to write new data into the file.
+
+If DIR-FLAG is non-nil, create a new empty directory instead of a file.
+
+If SUFFIX is non-nil, add that at the end of the file name."
+ (let ((umask (default-file-modes))
+ file)
+ (unwind-protect
+ (progn
+ ;; Create temp files with strict access rights. It's easy to
+ ;; loosen them later, whereas it's impossible to close the
+ ;; time-window of loose permissions otherwise.
+ (set-default-file-modes ?\700)
+ (while (condition-case ()
+ (progn
+ (setq file
+ (make-temp-name
+ (if (zerop (length prefix))
+ (file-name-as-directory
+ temporary-file-directory)
+ (expand-file-name prefix
+ temporary-file-directory))))
+ (if suffix
+ (setq file (concat file suffix)))
+ (if dir-flag
+ (make-directory file)
+ (write-region "" nil file nil 'silent nil 'excl))
+ nil)
+ (file-already-exists t))
+ ;; the file was somehow created by someone else between
+ ;; `make-temp-name' and `write-region', let's try again.
+ nil)
+ file)
+ ;; Reset the umask.
+ (set-default-file-modes umask)))))
+
(defun rst-compile-pdf-preview ()
"Convert the document to a PDF file and launch a preview program."
(interactive)
- (let* ((tmp-filename "/tmp/out.pdf")
+ (let* ((tmp-filename (rst--make-temp-file "rst" nil ".pdf"))
(command (format "rst2pdf.py %s %s && %s %s"
buffer-file-name tmp-filename
rst-pdf-program tmp-filename)))
@@ -3315,7 +3359,7 @@ or of the entire buffer, if the region i
(defun rst-compile-slides-preview ()
"Convert the document to an S5 slide presentation and launch a preview program."
(interactive)
- (let* ((tmp-filename "/tmp/slides.html")
+ (let* ((tmp-filename (rst--make-temp-file "rst" nil ".html"))
(command (format "rst2s5.py %s %s && %s %s"
buffer-file-name tmp-filename
rst-slides-program tmp-filename)))
Reference in New Issue Copy Permalink