On Sat, Apr 28, 2001 at 11:02:57AM +0100, Conor Daly wrote:
> If you want to use it in a pipe, you'll need to generate a tmp file from
> stdin and then ps2pdf the tmp file.
>> pipe or console?
> if [ -t 0 ]; then
> # We're in a console here
> ps2pdf $1
> else
> # Here, we're in a pipe
> # We need a temporary file here so something else can carry on
> cat > /tmp/input-file$$.ps
> ps2pdf /tmp/input-file$$.ps
> mv /tmp/input-file$$.pdf suitable/location/and/filename.pdf
> rm /tmp/input-file$$.ps
> fi
This is very insecure. If this runs as root and J. Random Cracker
does
$ ln -s /etc/passwd /tmp/input-file2.ps
$ ln -s /etc/passwd /tmp/input-file3.ps
$ ...
$ ln -s /etc/passwd /tmp/input-file32767.ps
and then prints a new passwd file to this printer, then you're rooted.
To ensure that you get a private temp file that you _know_ didn't
exist beforehand, you should do:
#!/bin/sh
mkdir --mode=600 /tmp/mydir.$$$ || (
echo dir already existed - aborting
exit 1
)
But, really, for stuff that runs under well-known UID, like print
spoolers, or cron jobs, you should create your own temporary
directory under /var/spool or /var/local and do all your work
in there.
These days, the only reason a script should use /tmp or /var/tmp
is if you ABSOLUTELY NEED the temp files to be accessible to more
than one UID. And even then you might be able to get away with
creating a special group, putting these users in that group and
setting /var/local/mydir to be owned by that group.
Later,
Kenn
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
