+2005-01-10 Bruno Haible <bruno@clisp.org>
+
+ Security fixes.
+ * autopoint.in: Exit if the creation of one of the temporary
+ directories fails. Also restrict the access to the temporary cvs_dir.
+ Reported by Javier Fernández-Sanguino Peña <jfs@computer.org>.
+
2005-01-09 Bruno Haible <bruno@clisp.org>
* autopoint.in (func_tmpdir): New function.
# - work_dir directory containing the temporary checkout
cvs_dir=tmpcvs$$
work_dir=tmpwrk$$
-mkdir "$cvs_dir"
-mkdir "$work_dir"
+# Use an umask of 077, to avoid attacks that work by overwriting files in the
+# "$CVSROOT"/CVSROOT directory.
+(umask 077 && mkdir "$cvs_dir") || {
+ if test -d "$cvs_dir"; then
+ func_fatal_error "directory $cvs_dir already exists"
+ else
+ func_fatal_error "cannot create directory $cvs_dir"
+ fi
+}
+mkdir "$work_dir" || {
+ if test -d "$work_dir"; then
+ func_fatal_error "directory $work_dir already exists"
+ else
+ func_fatal_error "cannot create directory $work_dir"
+ fi
+}
CVSROOT="$srcdir/$cvs_dir"
export CVSROOT
unset CVS_CLIENT_LOG
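Review bot: The second `mkdir "$work_dir"` still runs under the caller's umask, so only `$cvs_dir` gets the 0700 restriction. With a permissive umask (002 or 000), other local users could write into the temporary checkout while the script is using it. If files from `$work_dir` are later copied into the source tree (that code is outside this hunk, so this needs confirming), the same guard belongs here: `(umask 077 && mkdir "$work_dir") || {`. Separately, when the second mkdir fails, the already created `$cvs_dir` is left behind unless `func_fatal_error` removes it, which is not visible here. Both names stay PID-derived and predictable, so the hard failure on an existing path is what provides the protection and should not be relaxed into reusing the directory.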