author | Einhard Leichtfuß <alguien@respiranto.de> | 2018-12-03 21:23:24 +0100 |
---|---|---|
committer | Einhard Leichtfuß <alguien@respiranto.de> | 2018-12-03 21:29:37 +0100 |
commit | dc1be4c559bb2cfef9fe923a77b3cb474c196358 (patch) | |
tree | fe31140fd6a5abd84836e1dfc1119dece27739cd /ctct.in | |
parent | 65bcfce435ba755ca17077c6cd53b5edbe785b31 (diff) |
Treat temporary file with care
Particularly in case somebody uses de-/encrypting {input,output}_program,
it is important that the temporary file containing the decrypted data
remains only accessible by the current user and is deleted when no
longer needed.
Diffstat (limited to 'ctct.in')
-rw-r--r-- | ctct.in | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -57,6 +57,12 @@ usage:
 EOF
 }
 
+function cleanup()
+{
+ test -v tmp_file && test -f "$tmp_file" && rm "$tmp_file"
+}
+trap cleanup EXIT
+
 function main()
 {
 if ! test -d "$datadir" && ! mkdir "$datadir"
@@ -208,13 +214,13 @@ function search_file()
 
 function list_all()
 {
- # NEW
+ # Use find instead of ls to avoid listing non-regular files.
 find "$datadir" -maxdepth 1 -type f | sed 's|.*/||'
 }
 
 function edit_file()
 {
- local file tmp_file editor new=false
+ local file editor new=false
 
 if ! file="$datadir/$(get_filename "$1")"
 then
@@ -244,10 +250,12 @@ function edit_file()
 "$editor" "$file"
 else
 tmp_file="$(mktemp)"
+ chmod 600 "$tmp_file"
 # output_program may contain further arguments:
 ! $new && eval "$output_program" < "$file" > "$tmp_file"
 "$editor" "$tmp_file"
 eval "$input_program" < "$tmp_file" > "$file"
+ rm "$tmp_file" && unset tmp_file
 fi
 }
 
|
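Review bot: `cleanup()` removes the file with a plain `rm`, which only unlinks it, so on a disk-backed temporary directory the decrypted content can stay recoverable from the freed blocks. Since the commit exists to protect decrypted data, consider creating the file on a memory-backed filesystem where one is available, e.g. `tmp_file="$(mktemp -p "${XDG_RUNTIME_DIR:-/tmp}")"` at the `mktemp` call in `edit_file` (third hunk). An EXIT trap also does not run when the shell is killed with SIGKILL, so a stale plaintext file remains possible and is worth a line in the documentation. Minor: `test -v` needs bash 4.2 or newer, and `rm -f -- "$tmp_file"` would be more robust than the bare `rm`.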
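Review bot: Dropping `tmp_file` from the `local` list in `edit_file` is what lets the EXIT trap see the variable, but nothing in the code says so. A later clean-up that re-adds `local` would silently disable removal of the decrypted file. A comment at that line would guard against this, e.g. `# tmp_file is deliberately global: cleanup() (EXIT trap) must be able to see it`. `edit_file` continues past the end of this hunk.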
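Review bot: The added `rm "$tmp_file"` runs whether or not `eval "$input_program"` succeeded, and the redirection `> "$file"` has already truncated the stored file by then. A failing encryption command therefore leaves neither the old ciphertext nor the edited plaintext. Writing the result to a sibling file and renaming it over `$file` only on success keeps the previous version intact, and the temporary plaintext is still removed in every case. The exit status of the `output_program` step is likewise unchecked. `edit_file` begins before this hunk; the sketch covers only the re-encrypt and cleanup lines, and the `.new` suffix is a constructed name.

```shell
# … unchanged: mktemp, chmod, decrypt into "$tmp_file", run "$editor" …
local new_file="$file.new"   # constructed name; choose one that suits the data directory
if eval "$input_program" < "$tmp_file" > "$new_file"
then
	mv -- "$new_file" "$file"
else
	rm -f -- "$new_file"
	echo "error: input_program failed; '$file' left unchanged" >&2
fi
rm -- "$tmp_file" && unset tmp_file
```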