Skip to content
Permalink
Browse files

close security hole opening semaphore file in /tmp

  • Loading branch information...
xdg committed Feb 6, 2014
1 parent b9282c7 commit 635c9eabd52ab8042b0c841823bd6e692de87924
Showing with 17 additions and 5 deletions.
  1. +5 −0 Changes
  2. +12 −5 lib/Capture/Tiny.pm
@@ -2,6 +2,11 @@ Revision history for Capture-Tiny

{{$NEXT}}

Fixed:

- Closed security hole in use of semaphore flag in /tmp;
now opens semaphore the using O_CREAT|O_EXCL

0.23 2013-10-20 11:25:34 America/New_York

Fixed:
@@ -63,11 +63,18 @@ our $TIMEOUT = 30;
# This is annoying, but seems to be the best that can be done
# as a simple, portable IPC technique
#--------------------------------------------------------------------------#
my @cmd = ($^X, '-C0', '-e', '$SIG{HUP}=sub{exit}; '
. 'if( my $fn=shift ){ open my $fh, qq{>$fn}; print {$fh} $$; close $fh;} '
. 'my $buf; while (sysread(STDIN, $buf, 2048)) { '
. 'syswrite(STDOUT, $buf); syswrite(STDERR, $buf)}'
);
my @cmd = ($^X, '-C0', '-e', <<'HERE');
use Fcntl;
$SIG{HUP}=sub{exit};
if ( my $fn=shift ) {
sysopen(my $fh, qq{$fn}, O_WRONLY|O_CREAT|O_EXCL) or die $!;
print {$fh} $$;
close $fh;
}
my $buf; while (sysread(STDIN, $buf, 2048)) {
syswrite(STDOUT, $buf); syswrite(STDERR, $buf);
}
HERE

#--------------------------------------------------------------------------#
# filehandle manipulation

0 comments on commit 635c9ea

Please sign in to comment.
You can’t perform that action at this time.