Re: pkg/45558: lang/caml-light insecure-temporary-files

[David Holland <dholland%netbsd.org@localhost>]

The following reply was made to PR pkg/45558; it has been noted by GNATS.

From: David Holland <dholland%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/45558: lang/caml-light insecure-temporary-files
Date: Sun, 6 Nov 2011 19:29:05 +0000

  > caml-light uses mktemp() insecurely.
 
 Also, note that you need something like pkgsrc patch-an (appended here
 for reference) to avoid other /tmp follies at build time.
 
 --- launch/Makefile~   1995-02-22 04:33:26.000000000 -0500
 +++ launch/Makefile    2008-09-04 21:32:35.000000000 -0400
 @@ -10,19 +10,20 @@ all: camlc camllight camlmktop camlexec 
  # Also, "make install" is done with root permissions, meaning that we don't
  # have write permission in the current directory if NFS-mounted...
  
 +#     (echo "#!$(BINDIR)/camlrun"; \
 +#      echo "exit 2"; \
 +#      cat testprog) > /tmp/testscr
 +#     chmod a+x /tmp/testscr
 +#     sh -c 'if sh -c /tmp/testscr 2>/dev/null; \
 +#               then echo "#!$(BINDIR)/camlrun" > $(LIBDIR)/header; \
 +#               else cp camlexec $(LIBDIR)/header; \
 +#               fi'
 +#     rm -f /tmp/testscr
  install:
 -      (echo "#!$(BINDIR)/camlrun"; \
 -       echo "exit 2"; \
 -       cat testprog) > /tmp/testscr
 -      chmod a+x /tmp/testscr
 -      sh -c 'if sh -c /tmp/testscr 2>/dev/null; \
 -               then echo "#!$(BINDIR)/camlrun" > $(LIBDIR)/header; \
 -               else cp camlexec $(LIBDIR)/header; \
 -               fi'
 -      rm -f /tmp/testscr
 +      echo "#!$(BINDIR)/camlrun" > $(DESTDIR)$(LIBDIR)/header
        for script in camlc camllight camlmktop; do \
 -        cp $$script $(BINDIR)/$$script; \
 -        chmod a+x $(BINDIR)/$$script; \
 +        cp $$script $(DESTDIR)$(BINDIR)/$$script; \
 +        chmod a+x $(DESTDIR)$(BINDIR)/$$script; \
        done
  
  SEDCOMMANDS=\
 
 -- 
 David A. Holland
 dholland%netbsd.org@localhost