znew.patch revision 2062
2074N/AFrom b3b5611e046b93fb20aa783d6d11d986f33f91f6 Mon Sep 17 00:00:00 2001
2074N/AFrom: Paul Eggert <eggert <at> cs.ucla.edu>
2074N/ADate: Thu, 3 Oct 2013 21:12:09 -0700
2074N/ASubject: [PATCH] znew: avoid denial-of-service issue
2074N/A
2074N/AReported by Rich Burridge in <http://bugs.gnu.org/15522>.
2074N/A* znew.in: Rewrite to avoid the need for a temporary file in /tmp.
2074N/AThat way, we avoid the need for set -C
2074N/Aand worrying about denial of service.
2074N/AUse touch -r and chmod --reference rather than cpmod.
2074N/AAssume cp -p works, as it's now universal.
2074N/AQuote 'echo' args better, while we're at it.
2074N/A(warn, tmp, cpmod, cpmodarg): Remove.
2074N/A(GZIP): Unset, so that we needn't test for gzip extension.
2074N/A(ext): Now always '.gz'.
2074N/A* znew.1: Document the change of implementation assumptions.
2074N/A---
2074N/Adiff --git a/znew.1 b/znew.1
2074N/Aindex dcdf84f..2a7e5e1 100644
2074N/A--- a/znew.1
2074N/A+++ b/znew.1
2074N/A@@ -32,9 +32,16 @@ Keep a .Z file when it is smaller than the .gz file; implies
2074N/A .SH "SEE ALSO"
2074N/A gzip(1), zmore(1), zdiff(1), zgrep(1), zforce(1), gzexe(1), compress(1)
2074N/A .SH BUGS
2074N/A-.I Znew
2074N/A-does not maintain the time stamp with the -P option if
2074N/A-.I cpmod(1)
2074N/A-is not available and
2074N/A-.I touch(1)
2074N/A-does not support the -r option.
2074N/A+If the
2074N/A+.B \-P
2074N/A+option is used,
2074N/A+.I znew
2074N/A+does not maintain the time stamp if
2074N/A+.IR touch (1)
2074N/A+does not support the
+.B \-r
+option, and does not maintain permissions if
+.IR chmod (1)
+does not support the
+.B \-\-reference
+option.
diff --git a/znew.in b/znew.in
index 9bd3ce9..d16311a 100644
--- a/znew.in
+++ b/znew.in
@@ -58,33 +58,9 @@ new=0
block=1024
# block is the disk block size (best guess, need not be exact)
-warn="(does not preserve modes and timestamp)"
-tmp=${TMPDIR-/tmp}/zfoo.$$
-set -C
-echo hi > $tmp || exit
-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then
- cpmod=${CPMOD-cpmod}
- warn=""
-fi
-
-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then
- cpmod="${TOUCH-touch}"
- cpmodarg="-r"
- warn="(does not preserve file modes)"
-fi
-
-# check if GZIP env. variable uses -S or --suffix
-gzip -q $tmp
-ext=`echo $tmp* | sed "s|$tmp||"`
-rm -f $tmp*
-if test -z "$ext"; then
- echo znew: error determining gzip extension
- exit 1
-fi
-if test "$ext" = ".Z"; then
- echo znew: cannot use .Z as gzip extension.
- exit 1
-fi
+# Beware -s or --suffix in $GZIP.
+unset GZIP
+ext=.gz
for arg
do
@@ -116,26 +92,27 @@ if test -n "$opt"; then
fi
for i do
- n=`echo $i | sed 's/.Z$//'`
+ n=`echo "$i" | sed 's/.Z$//'`
if test ! -f "$n.Z" ; then
- echo $n.Z not found
+ echo "$n.Z not found"
res=1; continue
fi
test $keep -eq 1 && old=`wc -c < "$n.Z"`
if test $pipe -eq 1; then
if gzip -d < "$n.Z" | gzip $opt > "$n$ext"; then
# Copy file attributes from old file to new one, if possible.
- test -n "$cpmod" && $cpmod $cpmodarg "$n.Z" "$n$ext" 2> /dev/null
+ touch -r"$n.Z" -- "$n$ext" 2>/dev/null
+ chmod --reference="$n.Z" -- "$n$ext" 2>/dev/null
else
- echo error while recompressing $n.Z
+ echo "error while recompressing $n.Z"
res=1; continue
fi
else
if test $check -eq 1; then
- if cp -p "$n.Z" "$n.$$" 2> /dev/null || cp "$n.Z" "$n.$$"; then
+ if cp -p "$n.Z" "$n.$$"; then
:
else
- echo cannot backup "$n.Z"
+ echo "cannot backup $n.Z"
res=1; continue
fi
fi
@@ -143,7 +120,7 @@ for i do
:
else
test $check -eq 1 && mv "$n.$$" "$n.Z"
- echo error while uncompressing $n.Z
+ echo "error while uncompressing $n.Z"
res=1; continue
fi
if gzip $opt "$n"; then
@@ -151,10 +128,10 @@ for i do
else
if test $check -eq 1; then
mv "$n.$$" "$n.Z" && rm -f "$n"
- echo error while recompressing $n
+ echo "error while recompressing $n"
else
# compress $n (might be dangerous if disk full)
- echo error while recompressing $n, left uncompressed
+ echo "error while recompressing $n, left uncompressed"
fi
res=1; continue
fi
@@ -175,7 +152,7 @@ for i do
else
test $pipe -eq 0 && mv "$n.$$" "$n.Z"
rm -f "$n$ext"
- echo error while testing $n$ext, $n.Z unchanged
+ echo "error while testing $n$ext, $n.Z unchanged"
res=1; continue
fi
elif test $pipe -eq 1; then
--
1.8.3.1