From: Stefano Lattarini <stefano.lattarini@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Tim Henigan <tim.henigan@gmail.com>,
git@vger.kernel.org, davvid@gmail.com
Subject: Re: [PATCH v2] contrib: added git-diffall
Date: Thu, 23 Feb 2012 10:56:21 +0100
Message-ID: <4F460D45.7000804@gmail.com>
In-Reply-To: <7vipiy8m5q.fsf@alter.siamese.dyndns.org>

Hello everybody. Hope you don't mind 2 cents from an outsider ...

On 02/23/2012 12:48 AM, Junio C Hamano wrote:
>
> Tim Henigan <tim.henigan@gmail.com> writes:
>
>> +# mktemp is not available on all platforms (missing from msysgit)
>> +# Use a hard-coded tmp dir if it is not available
>> +tmp="$(mktemp -d -t tmp.XXXXXX 2>/dev/null)" || {
>> + tmp=/tmp/git-diffall-tmp
>> +}
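
Review bot: The fallback assignment `tmp=/tmp/git-diffall-tmp` uses one fixed name in a shared, world-writable directory, so two concurrent runs end up in the same directory and any other local user can create that path before the script does. Give the fallback a per-run name and create it in this branch with a plain `mkdir` whose failure aborts the script, for example `mkdir "$tmp" || exit 1`, ideally under `umask 077` so the directory is private to the caller.
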
>
> It would not withstand malicious attacks, but doing
>
> tmp=/tmp/git-diffall-tmp.$$
>
> would at least protect you from accidental name crashes better in the
> fallback codepath.
>
Maybe this would be enough to withstand malicious attacks (even if not
denial-of-service attacks):

  # mktemp is not available on all platforms (missing from msysgit)
  tmp=$(mktemp -d -t tmp.XXXXXX 2>/dev/null) || {
    tmp=/tmp/git-diffall-tmp.$$
    mkdir "$tmp" || fatal "couldn't create temporary directory"
  }

>
>> +mkdir -p "$tmp"
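
Review bot: `mkdir -p "$tmp"` returns success when the path already exists, so on this line the script cannot tell a directory it created from one that was already there (or a symlink to one), and no check of the result is visible. After a successful `mktemp -d` the call is redundant; drop it here and do the creation only in the fallback branch, without `-p`, so an existing path is reported as an error.
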
>
At which point this should be removed, of course.

Regards,
  Stefano
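
The fallback discussed above, as an added example (not part of this message or of the git-diffall patch): plain mkdir refuses a name that already exists, whether it is a file, a directory or a symlink, so the script never adopts a path it did not create itself. The function names make_tmpdir and fallback_tmpdir, the retry limit of 10 and the "name.pid.n" naming scheme are assumptions of this example.

```shell
#!/bin/sh
# Added example: private temporary directory with a fallback for systems
# that lack mktemp. Function names and the naming scheme are hypothetical.

# fallback_tmpdir PREFIX
# Create PREFIX.<pid>.<n> with plain mkdir (no -p). mkdir fails with EEXIST
# when the name is already taken, including by a symlink, so an existing
# path is skipped instead of reused. Prints the new directory on success.
fallback_tmpdir () {
	prefix=$1
	n=0
	while [ "$n" -lt 10 ]
	do
		candidate="$prefix.$$.$n"
		# umask 077 in a subshell: the directory is created with mode 0700
		# and the caller's own umask is left untouched.
		if (umask 077 && mkdir "$candidate") 2>/dev/null
		then
			printf '%s\n' "$candidate"
			return 0
		fi
		n=$((n + 1))
	done
	# Every candidate was taken or the parent is not writable: give up
	# so the caller can abort instead of working in a shared path.
	return 1
}

# make_tmpdir NAME
# Prefer mktemp -d (random name, mode 0700); use the fallback otherwise.
make_tmpdir () {
	name=$1
	base=${TMPDIR:-/tmp}
	mktemp -d "$base/$name.XXXXXX" 2>/dev/null ||
	fallback_tmpdir "$base/$name"
}
```

A caller would use it as `tmp=$(make_tmpdir git-diffall) || exit 1`, which keeps the abort-on-failure behaviour of the snippet in the message.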