author | Chris Liddell <chris.liddell@artifex.com> | 2018-08-21 20:17:51 +0100 |
committer | Chris Liddell <chris.liddell@artifex.com> | 2018-08-23 10:23:18 +0100 |
commit | a054156d425b4dbdaaa9fda4b5f1182b27598c2b (patch) | |
tree | 1c0921168fdb05a8fca751dd6551ac01bc9b2a25 | |
parent | 0d3901189f245232f0161addf215d7268c4d05a3 (diff) |
Bug 699658: Fix handling of pre-SAFER opened files.
Temp files opened for writing before SAFER is engaged are not subject to the
SAFER restrictions - that is handled by recording in a dictionary, and
checking that as part of the permissions checks.
A custom error handler for invalidaccess allowed the filename to be added to
the dictionary (despite the attempted open throwing the error), which meant
that subsequent accesses were erroneously permitted.
-rw-r--r-- | Resource/Init/gs_init.ps | 17 |
1 files changed, 16 insertions, 1 deletions
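diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index a6e49f08c..5a5a42857 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2036,6 +2036,19 @@ readonly def
 concatstrings concatstrings .generate_dir_list_templates
 } if
 ]
+/PermitFileWriting [
+currentuserparams /PermitFileWriting get aload pop
+(TMPDIR) getenv not
+{
+(TEMP) getenv not
+{
+(TMP) getenv not
+{
+(/temp) (/tmp)
+} if
+} if
+} if
+]
 /LockFilePermissions //true
 >> setuserparams
 }
@@ -2122,7 +2135,9 @@ readonly def
 % the file can be deleted later, even if SAFER is set.
 /.tempfile {
 .tempfile % filename file
-//SAFETY /tempfiles get 2 .argindex //true .forceput
+//SAFETY /safe get not { % only add the filename if we're not yet safe
+//SAFETY /tempfiles get 2 .argindex //true .forceput
+} if
 } .bind executeonly odef
 
 % If we are running in SAFER mode, lock things down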
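Review bot: In the first hunk the TMPDIR/TEMP/TMP values are appended to PermitFileWriting exactly as getenv returns them, with no normalisation, whereas the directory entries in the array immediately above (old line 2036) are passed through .generate_dir_list_templates; if that helper is what turns a directory name into a template matching files beneath it, the raw environment strings may not match the temp files at all, and an unusual environment value would widen the writable set beyond the intended temp directory. A comment above `/PermitFileWriting [` stating that the environment is trusted at this point and why the raw value suffices would make that decision reviewable, e.g. `% TMPDIR/TEMP/TMP are read before SAFER is engaged and are trusted as-is; keep in step with .tempfile`. The second hunk's comment could likewise state the consequence it guards against, e.g. `% once SAFER is engaged the permission checks decide; recording here would let a later access bypass them`. The userparams dictionary the first hunk sits in begins outside the hunk, so the other PermitFile* entries cannot be checked for the same treatment from here.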