ceed13510d
allow local users to overwrite files via a symlink attack on temporary files. Security: CAN-2004-0967
29 lines
661 B
Text
29 lines
661 B
Text
--- lib/sysvlp.sh.orig Thu Mar 9 17:40:40 2000
|
|
+++ lib/sysvlp.sh Mon Nov 28 02:22:42 2005
|
|
@@ -27,20 +27,23 @@
|
|
# Brother HL-4: switch to HP laserjet II+ emulation
|
|
# echo "\033\015H\c"
|
|
|
|
+TEMPDIR=`mktemp -td sysvlp.XXXXXX` || exit 1
|
|
+
|
|
i=1
|
|
while [ $i -le $copies ]
|
|
do
|
|
for file in $files
|
|
do
|
|
$GSHOME/gs \
|
|
- -sOUTPUTFILE=/tmp/psp$$.%02d \
|
|
+ -sOUTPUTFILE=$TEMPDIR/psp$$.%02d \
|
|
-sDEVICE=$DEVICE \
|
|
$EHANDLER $file \
|
|
< /dev/null >> /usr/tmp/ps_log 2>&1
|
|
|
|
- cat /tmp/psp$$.* 2>> /usr/tmp/ps_log
|
|
- rm -f /tmp/psp$$.*
|
|
+ cat $TEMPDIR/psp$$.* 2>> /usr/tmp/ps_log
|
|
+ rm -f $TEMPDIR/psp$$.*
|
|
done
|
|
i=`expr $i + 1`
|
|
done
|
|
+rmdir $TEMPDIR
|
|
exit 0
|