Fix the symlink vulnerability noted at http://www.securityfocus.com/bid/2006

Obtained from: RedHat bash-1.14.7-23.5x.src.rpm
author: David E. O'Brien <obrien@FreeBSD.org> 2000-11-29 19:48:15 +0000
committer: David E. O'Brien <obrien@FreeBSD.org> 2000-11-29 19:48:15 +0000
commit: f1a492cf44ef52e19f05035059aa50fd1f46883a (patch)
tree: fb4d0b26f8e98be9737fd0cc762e8f841e660440 /shells
parent: Upgrade to 0.20. (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/shells/bash1/files/patch-execute_cmd.c b/shells/bash1/files/patch-execute_cmd.c
new file mode 100644
index 000000000000..47c4e4f88961
--- /dev/null
+++ b/shells/bash1/files/patch-execute_cmd.c
@@ -0,0 +1,28 @@
+--- execute_cmd.c.orig	Thu Jun  8 17:29:00 1995
++++ execute_cmd.c	Fri Nov 24 14:41:40 2000
+@@ -2718,6 +2718,7 @@
+   char *redirectee_word;
+   enum r_instruction ri = redirect->instruction;
+   REDIRECT *new_redirect;
++  mode_t um;
+ 
+   if (ri == r_duplicating_input_word || ri == r_duplicating_output_word)
+     {
+@@ -2938,11 +2939,15 @@
+ 	  pid_t pid = getpid ();
+ 
+ 	  /* Make the filename for the temp file. */
+-	  sprintf (filename, "/tmp/t%d-sh", pid);
++	  sprintf (filename, "/tmp/t-sh-XXXXXX", pid);
+ 
+-	  fd = open (filename, O_TRUNC | O_WRONLY | O_CREAT, 0666);
++	  /* O_TRUNC | O_WRONLY | O_CREAT */
++	  fd = mkstemp (filename);
+ 	  if (fd < 0)
+ 	    return (errno);
++	  um=umask(022);
++	  umask(um);
++	  fchmod(fd, 0666 & ~um);
+ 
+ 	  errno = 0;		/* XXX */
+ 	  if (redirectee->word)
author	David E. O'Brien <obrien@FreeBSD.org>	2000-11-29 19:48:15 +0000
committer	David E. O'Brien <obrien@FreeBSD.org>	2000-11-29 19:48:15 +0000
commit	f1a492cf44ef52e19f05035059aa50fd1f46883a (patch)
tree	fb4d0b26f8e98be9737fd0cc762e8f841e660440 /shells
parent	Upgrade to 0.20. (diff)