91 lines
3.4 KiB
Diff
91 lines
3.4 KiB
Diff
Description: Patch to fix temporary file vulnerability
|
|
My approach is based on the premise that the make-temp-file function
|
|
provided from Emacs 22 onwards is safe. So, I backport the method to
|
|
the rst.el file, and bind it to the symbol rst--make-temp-file as
|
|
follows:
|
|
|
|
- If the Emacs version is less than 22, use this custom version. This
|
|
works on Emacs 21, I tested it.
|
|
- If the Emacs version is 22 or more, bind rst--make-temp-file to the
|
|
make-temp-fil provided in the Emacs Lisp libraries.
|
|
|
|
I don't see a solution for removing the temporary files, though.
|
|
|
|
I am no expert on security or Emacs Lisp, but I hope this patch
|
|
provides a start.
|
|
|
|
Author: Kumar Appaiah <akumar@debian.org>
|
|
Addopted due bug bnc#642787 for emacs 23.1 by Werner Fink <werner@suse.de>
|
|
---
|
|
|
|
rst.el | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
|
|
1 file changed, 46 insertions(+), 2 deletions(-)
|
|
|
|
--- lisp/textmodes/rst.el
|
|
+++ lisp/textmodes/rst.el 2010-10-06 09:50:28.779926181 +0000
|
|
@@ -3297,10 +3297,54 @@ or of the entire buffer, if the region i
|
|
(defvar rst-pdf-program "xpdf"
|
|
"Program used to preview PDF files.")
|
|
|
|
+(if (> emacs-major-version 22)
|
|
+ (defalias 'rst--make-temp-file 'make-temp-file)
|
|
+ (defvar temporary-file-directory)
|
|
+ (defun rst--make-temp-file (prefix &optional dir-flag suffix)
|
|
+ "Create a temporary file.
|
|
+The returned file name (created by appending some random characters at the end
|
|
+of PREFIX, and expanding against `temporary-file-directory' if necessary),
|
|
+is guaranteed to point to a newly created empty file.
|
|
+You can then use `write-region' to write new data into the file.
|
|
+
|
|
+If DIR-FLAG is non-nil, create a new empty directory instead of a file.
|
|
+
|
|
+If SUFFIX is non-nil, add that at the end of the file name."
|
|
+ (let ((umask (default-file-modes))
|
|
+ file)
|
|
+ (unwind-protect
|
|
+ (progn
|
|
+ ;; Create temp files with strict access rights. It's easy to
|
|
+ ;; loosen them later, whereas it's impossible to close the
|
|
+ ;; time-window of loose permissions otherwise.
|
|
+ (set-default-file-modes ?\700)
|
|
+ (while (condition-case ()
|
|
+ (progn
|
|
+ (setq file
|
|
+ (make-temp-name
|
|
+ (if (zerop (length prefix))
|
|
+ (file-name-as-directory
|
|
+ temporary-file-directory)
|
|
+ (expand-file-name prefix
|
|
+ temporary-file-directory))))
|
|
+ (if suffix
|
|
+ (setq file (concat file suffix)))
|
|
+ (if dir-flag
|
|
+ (make-directory file)
|
|
+ (write-region "" nil file nil 'silent nil 'excl))
|
|
+ nil)
|
|
+ (file-already-exists t))
|
|
+ ;; the file was somehow created by someone else between
|
|
+ ;; `make-temp-name' and `write-region', let's try again.
|
|
+ nil)
|
|
+ file)
|
|
+ ;; Reset the umask.
|
|
+ (set-default-file-modes umask)))))
|
|
+
|
|
(defun rst-compile-pdf-preview ()
|
|
"Convert the document to a PDF file and launch a preview program."
|
|
(interactive)
|
|
- (let* ((tmp-filename "/tmp/out.pdf")
|
|
+ (let* ((tmp-filename (rst--make-temp-file "rst" nil ".pdf"))
|
|
(command (format "rst2pdf.py %s %s && %s %s"
|
|
buffer-file-name tmp-filename
|
|
rst-pdf-program tmp-filename)))
|
|
@@ -3315,7 +3359,7 @@ or of the entire buffer, if the region i
|
|
(defun rst-compile-slides-preview ()
|
|
"Convert the document to an S5 slide presentation and launch a preview program."
|
|
(interactive)
|
|
- (let* ((tmp-filename "/tmp/slides.html")
|
|
+ (let* ((tmp-filename (rst--make-temp-file "rst" nil ".html"))
|
|
(command (format "rst2s5.py %s %s && %s %s"
|
|
buffer-file-name tmp-filename
|
|
rst-slides-program tmp-filename)))
|