ceed13510d
allow local users to overwrite files via a symlink attack on temporary files. Security: CAN-2004-0967
16 lines
445 B
Text
16 lines
445 B
Text
--- lib/pv.sh.orig Mon Nov 28 02:18:26 2005
|
|
+++ lib/pv.sh Mon Nov 28 02:18:59 2005
|
|
@@ -29,9 +29,10 @@
|
|
PAGE=$1
|
|
shift
|
|
FILE=$1
|
|
+TEMPFILE=`mktemp -t ${FILE}XXXXXX` || exit 1
|
|
shift
|
|
-trap "rm -rf $TEMPDIR/$FILE.$$.pv" 0 1 2 15
|
|
+trap "rm -rf $TEMPFILE" 0 1 2 15
|
|
#dvips -D$RESOLUTION -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
|
|
-dvips -p $PAGE -n 1 $FILE $* -o $FILE.$$.pv
|
|
-gs $FILE.$$.pv
|
|
+dvips -p $PAGE -n 1 $FILE $* -o $TEMPFILE
|
|
+gs $TEMPFILE
|
|
exit 0
|