(unnamed)

text/plain

Filename: (unnamed)
Type: text/plain
Part: 0
Message: Re: [HACKERS] Possible make_oidjoins_check Security Issue
Index: contrib/findoidjoins/make_oidjoins_check
===================================================================
RCS file: /cvsroot/pgsql/contrib/findoidjoins/make_oidjoins_check,v
retrieving revision 1.5
diff -c -c -r1.5 make_oidjoins_check
*** contrib/findoidjoins/make_oidjoins_check	20 Oct 2004 16:42:46 -0000	1.5
--- contrib/findoidjoins/make_oidjoins_check	3 Nov 2004 22:42:06 -0000
***************
*** 10,21 ****
  # Caution: you may need to use GNU awk.
  AWK=${AWK:-awk}
  
! INPUTFILE="tmp$$a"
! DUPSFILE="tmp$$b"
! NONDUPSFILE="tmp$$c"
! rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE
  
! trap "rm -f $INPUTFILE $DUPSFILE $NONDUPSFILE" 0 1 2 3 15
  
  # Read input
  cat "$@" >$INPUTFILE
--- 10,32 ----
  # Caution: you may need to use GNU awk.
  AWK=${AWK:-awk}
  
! TMP="/tmp/$$"
! trap "rm -rf $TMP" 0 1 2 3 15
  
! # Create a temporary directory with the proper permissions so no one can
! # intercept our temporary files and cause a security breach.
! OMASK="`umask`"
! umask 077
! if ! mkdir $TMP
! then	echo "Can't create temporary directory $TMP." 1>&2
! 	exit 1
! fi
! umask "$OMASK"
! unset OMASK
! 
! INPUTFILE="$TMP/a"
! DUPSFILE="$TMP/b"
! NONDUPSFILE="$TMP/c"
  
  # Read input
  cat "$@" >$INPUTFILE