From: Bruno Haible <bruno@clisp.org>
Date: Fri, 14 Jan 2005 12:26:36 +0000 (+0000)
Subject: A more secure way to create a temporary CVS repository.
X-Git-Tag: v0.14.2~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=236b01c36b6a3e86111745c9fbd78f11e78fe0ba;p=thirdparty%2Fgettext.git

A more secure way to create a temporary CVS repository.
---

diff --git a/gettext-tools/misc/ChangeLog b/gettext-tools/misc/ChangeLog
index ec4bef281..b38e64e04 100644
--- a/gettext-tools/misc/ChangeLog
+++ b/gettext-tools/misc/ChangeLog
@@ -1,3 +1,10 @@
+2005-01-10  Bruno Haible  <bruno@clisp.org>
+
+	Security fixes.
+	* autopoint.in: Exit if the creation of one of the temporary
+	directories fails. Also restrict the access to the temporary cvs_dir.
+	Reported by Javier Fernández-Sanguino Peña <jfs@computer.org>.
+
 2005-01-09  Bruno Haible  <bruno@clisp.org>
 
 	* autopoint.in (func_tmpdir): New function.
diff --git a/gettext-tools/misc/autopoint.in b/gettext-tools/misc/autopoint.in
index 7c4d40fc1..8b0f1c0eb 100644
--- a/gettext-tools/misc/autopoint.in
+++ b/gettext-tools/misc/autopoint.in
@@ -349,8 +349,22 @@ omitintl=`if test 'external' = "$omitintl"; then echo yes; fi`
 # - work_dir        directory containing the temporary checkout
 cvs_dir=tmpcvs$$
 work_dir=tmpwrk$$
-mkdir "$cvs_dir"
-mkdir "$work_dir"
+# Use an umask of 077, to avoid attacks that work by overwriting files in the
+# "$CVSROOT"/CVSROOT directory.
+(umask 077 && mkdir "$cvs_dir") || {
+  if test -d "$cvs_dir"; then
+    func_fatal_error "directory $cvs_dir already exists"
+  else
+    func_fatal_error "cannot create directory $cvs_dir"
+  fi
+}
+mkdir "$work_dir" || {
+  if test -d "$work_dir"; then
+    func_fatal_error "directory $work_dir already exists"
+  else
+    func_fatal_error "cannot create directory $work_dir"
+  fi
+}
 CVSROOT="$srcdir/$cvs_dir"
 export CVSROOT
 unset CVS_CLIENT_LOG