develooper Front page | perl.perl5.porters | Postings from February 2004

Re: [perl #15063] /tmp issues

Thread Previous | Thread Next
From:
Nicholas Clark
Date:
February 28, 2004 08:33
Subject:
Re: [perl #15063] /tmp issues
Message ID:
20040228163246.GR46380@plum.flirble.org
On Wed, Feb 04, 2004 at 10:59:27PM +0000, Nicholas Clark wrote:
> Also you may run perlbug like that if you have more than one version of perl
> installed and you want to report a bug in /usr/bin/old-working-perl
> If over time you install 5.5.x, 5.6.x, 5.8.x, then /usr/bin/perlbug will
> no longer the one installed at the same time as /usr/bin/perl5.00503
> (/usr/bin/perl5.00503 isn't deleted when /usr/bin/perl5.8.3 is installed)

I made the appended change.

Nicholas Clark

Change 22407 by nicholas@faith on 2004/02/28 16:10:20

        Use File::Temp for tempfiles if it is available.
        (Based on a patch from Solar Designer <solar@openwall.com> in
        Message-ID: <20040125222218.GA13499@openwall.com>, the bulk of which
        was applied as change 22258)

Affected files ...

... //depot/perl/utils/perlbug.PL#45 edit

Differences ...

==== //depot/perl/utils/perlbug.PL#45 (text) ====

@@ -89,9 +89,12 @@
     $::HaveSend = ($@ eq "");
     eval "use Mail::Util;";
     $::HaveUtil = ($@ eq "");
+    # use secure tempfiles wherever possible
+    eval "require File::Temp;";
+    $::HaveTemp = ($@ eq "");
 };
 
-my $Version = "1.34";
+my $Version = "1.35";
 
 # Changed in 1.06 to skip Mail::Send and Mail::Util if not available.
 # Changed in 1.07 to see more sendmail execs, and added pipe output.
@@ -130,6 +133,7 @@
 # Changed in 1.32 Use File::Spec->tmpdir TJENNESS 20-08-2000
 # Changed in 1.33 Don't require -t STDOUT for -ok.
 # Changed in 1.34 Added Message-Id RFOLEY 18-06-2002 
+# Changed in 1.35 Use File::Temp (patch from Solar Designer) NWCLARK 28-02-2004
 
 # TODO: - Allow the user to re-name the file on mail failure, and
 #       make sure failure (transmission-wise) of Mail::Send is
@@ -958,10 +962,18 @@
 }
 
 sub filename {
-    my $dir = File::Spec->tmpdir();
-    $filename = "bugrep0$$";
-    $filename++ while -e File::Spec->catfile($dir, $filename);
-    $filename = File::Spec->catfile($dir, $filename);
+    if ($::HaveTemp) {
+       # Good. Use a secure temp file
+       my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
+       close($fh);
+       return $filename;
+    } else {
+       # Bah. Fall back to doing things less securely.
+       my $dir = File::Spec->tmpdir();
+       $filename = "bugrep0$$";
+       $filename++ while -e File::Spec->catfile($dir, $filename);
+       $filename = File::Spec->catfile($dir, $filename);
+    }
 }
 
 sub paraprint {

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About