[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-devel:16172] Re: xdvik-ja: Cannot open gziped DVI files

From: TSUCHIYA Masatoshi <tsuchiya@xxxxxxxxxx>
Subject: [debian-devel:16172] Re: xdvik-ja: Cannot open gziped DVI files
Date: Tue, 26 Oct 2004 10:47:18 +0900
List-help: <mailto:debian-devel-ctl@debian.or.jp?body=help>
List-id: debian-devel.debian.or.jp
List-owner: <mailto:debian-devel-admin@debian.or.jp>
List-post: <mailto:debian-devel@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-devel-ctl@debian.or.jp?body=unsubscribe>
X-cite: xcite 1.49
X-cite-me: 土
X-dispatcher: imput version 20040704(IM147)
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-devel-ctl@debian.or.jp; help=<mailto:debian-devel-ctl@debian.or.jp?body=help>
X-ml-name: debian-devel
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-original-to: debian-devel@debian.or.jp
X-sender: TSUCHIYA Masatoshi <tsuchiya@xxxxxxxxxxxxxxxxxxxxxxx>
X-spam-level:
X-spam-status: No, hits=-0.2 required=10.0 tests=IN_REP_TO,ISO2022JP_BODY,QUOTED_EMAIL_TEXT,RCVD_IN_ORBS, RCVD_IN_OSIRUSOFT_COM,REFERENCES,SIGNATURE_LONG_SPARSE, SPAM_PHRASE_00_01,USER_AGENT,USER_AGENT_GNUS_UA, X_OSIRU_OPEN_RELAY version=2.44
References: <20040920044150.7F743222F01@xxxxxxxxxxxxxxxxxxxx> <20041025.221804.1723234065.kohda@xxxxxxxxxxxxxxxxxxxx> <87acua6bc2.fsf@xxxxxxxxxx> <20041026.093920.-1300544007.kohda@xxxxxxxxxxxxxxxxxxxx>
Message-id: <874qkidzdn.fsf@xxxxxxxxxx>
X-mail-count: 16172
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux)

>> On Tue, 26 Oct 2004 09:39:30 +0900
>> kohda@xxxxxxxxxxxxxxxxxxxx (Atsuhito Kohda) said as follows:

>> Bug#174987 で報告されている以下のバグ
>> 
>> bts> - The temporary file that compressed files are decompressed into
>> bts>   is created in the current working directory.  This creates a
>> bts>   race condition and exploitable security hole.
>> 
>> を再発させてしまっていませんか?

>そうなんですか。Perl はしゃべれないので判断できないですが #221793 を
>投げたのは #174987 を投げたのと同じ Chung-chieh さんだし #174987 の土
>屋さんのパッチに対し

>I would prefer for xdvi.bin to be invoked on a file in /dev/fd rather
>than a "real" file name, so that we do not rely on the user to set
>TMPDIR to a sane value.

>とか言ってるのが気にはなりますが，もし再発させてるようなら tetex に投
>げてみた方が良いと思います。

末尾の検証用コードで確認してみましたが，無事に /tmp/ 以下に作られてい
るようなので，大丈夫だと思います．

    The correct fix, incidentally, was to remove all mention of the
    template; it is unnecessary, and makes tempfile attempt to use the
    current directory rather than the TMPDIR.

なんて言っている人が居たので，思わず心配してしまいました．お騒がせして
済みません．

前にも言いましたが，Chung-chieh さんが言うようにファイル名を直接使うの
を止めて，/dev/fd/ 配下のファイル記述子を使うようにすると，perl-5.6 で
は動かなくなります．そのため，パッケージを woody 用に backport するの
が難しくなります．個人的に woody 環境のマシンの面倒も見ているものです
から，少なくとも xdvik-ja の方はまだしばらくこのままにしておこうと思い
ます．

;; という話は，BTS でも指摘してあるんですけどね．

-- 
土屋 雅稔 ( TSUCHIYA Masatoshi )

use File::Temp qw/ tempfile /;
my( $fh, $filename ) = &tempfile( UNLINK => 1 );
print $filename,"\n";

Follow-Ups:
- [debian-devel:16173] Re: xdvik-ja: Cannot open gziped DVI files
  - From: Atsuhito Kohda

References:
- [debian-devel:16169] Re: xdvik-ja: Cannot open gziped DVI files
  - From: Atsuhito Kohda
- [debian-devel:16170] Re: xdvik-ja: Cannot open gziped DVI files
  - From: TSUCHIYA Masatoshi
- [debian-devel:16171] Re: xdvik-ja: Cannot open gziped DVI files
  - From: Atsuhito Kohda

Prev by Date: [debian-devel:16171] Re: xdvik-ja: Cannot open gziped DVI files
Next by Date: [debian-devel:16173] Re: xdvik-ja: Cannot open gziped DVI files
Previous by thread: [debian-devel:16171] Re: xdvik-ja: Cannot open gziped DVI files
Next by thread: [debian-devel:16173] Re: xdvik-ja: Cannot open gziped DVI files
Index(es):
- Date
- Thread