Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not use fixed sed script path #261

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Do not use fixed sed script path #261

wants to merge 3 commits into from

Conversation

kienanstewart
Copy link
Contributor

Use mktemp to get the filename for storing the templating script

Using a fixed string could allow for abuse by anyone who has access to /tmp. One could place a symbolic link to any file to cause it to be overwritten when alternc.install is run.

The location of the sed script is passed as a second argument to scripts in /usr/lib/share/alternc/install.d when the template hook is called.

@vincib vincib added this to the 3.5.0rc2 milestone Jun 21, 2018
@lelutin lelutin added this to To do in release 3.5.0 Sep 19, 2019
@camlafit camlafit removed this from the 3.5.0rc2 milestone Jun 17, 2021
@camlafit camlafit changed the base branch from stable-3.1 to main January 25, 2024 14:29
@camlafit
Copy link
Contributor

Hello

I've tried to rebase over main to get an up to date PR, but get some conflict.
Other element I get a trouble about SED_SCRIPT usage.

I'll clean at least this PR to be more accurate and reflect about to apply it or not

@kienanstewart @camlafit
Use mktemp to get the filename for storing the templating script
cbfbb0c 
Using a fixed string could allow for abuse by anyone who has access to /tmp.
One could place a symbolic link to any file to cause it to be overwritten
when alternc.install is run.
@kienanstewart @camlafit
Pass SED_SCRIPT to install.d scripts for templating action
ad19402
@camlafit camlafit force-pushed the do_not_use_fixed_sed_script_path branch from 43f3e85 to ad19402 Compare January 25, 2024 17:57
@camlafit
Use sed_script during roundcube installation
3ea150e 
* SED_SCRIPT is provided as second argument to all install.d/ scripts

Follow exit status as explained at https://www.gnu.org/software/bash/manual/html_node/Exit-Status.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
release 3.5.0
  
To do
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@kienanstewart @camlafit @vincib