Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
(#9792) Predictable temporary filename in ralsh.
When ralsh is used in edit mode the temporary filename is in a shared directory, and is absolutely predictable. Worse, it won't be touched until well after the startup of the command. It can be tricked into writing through a symlink to edit any file on the system, or to create through it, but worse - the file is reopened with the same name later, so it can have the target replaced between edit and operate... The only possible mitigation comes from the system editor and the behaviour it has around editing through symbolic links, which is very weak. This improves this to prefer the current working directory for the temporary file, and to be somewhat less predictable and more safe in conjuring it into being. Fixes CVE-2011-3871 Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
- Loading branch information