search for: nbdkitshxxxxxx

...pdir); > - system (cmd); > + if (asprintf (&cmd, "rm -rf %s", tmpdir) >= 0) > + system (cmd); Safe only because our tmpdir pattern contains no shell metacharacters (your patch does not change that fact). If we ever decided to honor $TMPDIR (that is, creating $TMPDIR/nbdkitshXXXXXX instead of /tmp/nbdkitshXXXXXX), then we'd need shell quoting here. But doesn't change this patch. > +++ b/server/sockets.c > @@ -366,10 +366,16 @@ accept_connection (int listen_sock) > static void > check_sockets_and_quit_fd (int *socks, size_t nr_socks) > { > - str...

...**) argv); perror (argv[0]); _exit (EXIT_FAILURE); diff --git a/plugins/sh/sh.c b/plugins/sh/sh.c index c8a321f1..deb01201 100644 --- a/plugins/sh/sh.c +++ b/plugins/sh/sh.c @@ -50,7 +50,7 @@ #include "call.h" #include "methods.h" -static char tmpdir[] = "/tmp/nbdkitshXXXXXX"; +char tmpdir[] = "/tmp/nbdkitshXXXXXX"; static char *script; static char *magic_config_key; @@ -71,11 +71,6 @@ sh_load (void) nbdkit_error ("mkdtemp: /tmp: %m"); exit (EXIT_FAILURE); } - /* Set $tmpdir for the script. */ - if (setenv ("tmpdir"...

I'm not someone who thinks VLAs are automatically bad and unlike Linux kernel code they can sometimes be used safely in userspace. However for an internet exposed server there is an argument that they might cause some kind of exploitable situation especially if the code is compiled without other stack hardening features. Also in highly multithreaded code with limited stack sizes (as nbdkit

This was a rather longer trip around the houses than I anticipated! The basic purpose of the patch series is to set $nbdkit_stdio_safe to "0" or "1" in sh and eval plugin scripts. To do that, I ended up adding a nicer way to manipulate environ lists, and to do that, I ended up adding a whole generic vector implementation which is applicable in a lot of different places.