 |
GMT-common-5.2.1-alt1_3.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/gmt/tools/gmt_prepmex.sh: $ grep -A5 -B5 /tmp/ /usr/share/gmt/tools/gmt_prepmex.sh scp -r etc usr $MEXBINDIR # Now copy the lib files printf "gmt_prepmex.sh: Copy and rename libraries\n" >&2 cd $BUNDLEDIR/Contents/Resources/lib # Find a list of all libs shipped with the OSX bundle, except our own: ls *.dylib | egrep -v 'libgmt.dylib|libpostscriptlight.dylib' > /tmp/l.lis # For each, duplicate into /opt/gmt but add a leading X to each name while read lib; do new=`echo $lib | awk '{printf "libX%s\n", substr($1,4)}'` cp $lib $MEXLIBDIR/$new done < /tmp/l.lis # Copy the supplement shared plugin cp gmt/plugins/supplements.so $MEXLIBDIR/gmt/plugins cd $MEXLIBDIR ls *.dylib > /tmp/l.lis printf "gmt_prepmex.sh: Rebaptize libraries\n" >&2 # For all libs in $MEXLIBDIR, change internal references to contain the leading "X" while read lib; do otool -L $lib | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` if [ $k -eq 1 ]; then # Do the id change was=`echo $lib | awk -F/ '{print substr($1,4)}'` install_name_tool -id $MEXLIBDIR/$new $lib else install_name_tool -change $old $MEXLIBDIR/$new $lib fi let k=k+1 done < /tmp/t.lis done < /tmp/l.lis # Set links to the new libs ln -s libXgmt.dylib libgmt.dylib ln -s libXgmt.5.dylib libXgmt.dylib ln -s libXpostscriptlight.5.dylib libXpostscriptlight.dylib # This is not necessary it seems, at least for fink and homebrew -- # FROM=/usr/local/lib #fi # Do plugin supplement separately since not called lib* cd gmt/plugins otool -L supplements.so | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` install_name_tool -change $old $MEXLIBDIR/$new supplements.so let k=k+1 done < /tmp/t.lis # Do bin dir cd $MEXBINDIR otool -L gmt | grep executable_path | awk '{print $1}' > /tmp/t.lis let k=1 while read old; do new=`echo $old | awk -F/ '{printf "libX%s\n", substr($NF,4)}'` install_name_tool -change $old $MEXLIBDIR/$new gmt let k=k+1 done < /tmp/t.lis # Fix gmt-config so it returns correct paths cat << EOF > /tmp/skip GMT_EXEDIR= CONFIG_CFLAGS= CONFIG_INCLUDEDIR= CONFIG_LIBS= CONFIG_PREFIX= EOF sed '/GMT_EXEDIR/q' gmt-config > /tmp/new cat << EOF >> /tmp/new CONFIG_CFLAGS="-I/opt/gmt/include/gmt" CONFIG_DATA=\$(\$GMT_EXEDIR/gmt --show-datadir) CONFIG_INCLUDEDIR="/opt/gmt/include/gmt" CONFIG_LIBS="-L/opt/gmt/lib -lgmt" CONFIG_PREFIX="/opt/gmt" EOF sed -n '/GMT_EXEDIR/,$p' gmt-config | grep -v -f/tmp/skip >> /tmp/new mv -f /tmp/new gmt-config chmod +x gmt-config version=`gmt-config --version` # Report cat << EOF >&2 gmt_prepmex.sh: Made updated GMT $version installation in /opt/gmt |
|
GMT-doc-5.2.1-alt1_3.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/share/doc/gmt/supplements/misc/dim.template.sh: $ grep -A5 -B5 /tmp/ /usr/share/doc/gmt/supplements/misc/dim.template.sh orsout= # ors output folder mkdir -p $orsout gmt grdcut $bathy $box -G/tmp/$$.t.nc # the area of interest minW= # minimum filter width candidate for ORS (e.g., 60) maxW= # maximum filter width candidate for ORS (e.g., 600) intW= # filter width step (e.g., 20) level= # base contour to compute the volume and area of the residual (e.g., 300m) STEP=`gmt gmtmath -T$minW/$maxW/$intW -N1/0 =` for width in $STEP do echo "W = $width km" gmt dimfilter $bathy $box -G/tmp/$$.dim.nc -Fm${width} -D2 -Nl8 # DiM filter gmt grdfilter /tmp/$$.dim.nc -G$orsout/dim.${width}.nc -Fm50 -D2 # smoothing gmt grdmath /tmp/$$.t.nc $orsout/dim.${width}.nc SUB = /tmp/$$.sd.nc # residual from DiM gmt grdvolume /tmp/$$.sd.nc -Sk -C$level -Vl | awk '{print r,$2,$3,$4}' r=${width} >> $ors # ORS from DiM done fi # compute DiM-based regional -- for i in $width do if [ ! -f $orsout/dim.${i}.nc ]; then echo "filtering W = ${i} km" gmt dimfilter $bathy $box -G/tmp/$$.dim.nc -Fm${i} -D2 -Nl8 # DiM filter gmt grdfilter /tmp/$$.dim.nc -G$orsout/dim.${i}.nc -Fm50 -D2 # smoothing fi if [ ! -f $alldepth ]; then gmt grd2xyz -Z $orsout/dim.${i}.nc > /tmp/$$.${i}.depth fi done if [ ! -f $alldepth ]; then paste /tmp/$$.*.depth > /tmp/$$.t.depth # the number of columns can be different for each case awk '{print $1," ",$2," ",$3," ",$4," ",$5," ",$6," ",$7," ",$8," ",$9}' /tmp/$$.t.depth > $alldepth gmt grd2xyz $bathy $box -V > $bathy.xyz fi gmt dimfilter $alldepth -Q9 > /tmp/$$.out wc -l /tmp/$$.out $bathy.xyz paste $bathy.xyz /tmp/$$.out | awk '{print $1,$2,$4}' > /tmp/$$.dim.xyz paste $bathy.xyz /tmp/$$.out | awk '{print $1,$2,$5}' > /tmp/$$.err.xyz gmt xyz2grd /tmp/$$.dim.xyz -G$dim -I1m $box -V -F gmt xyz2grd /tmp/$$.err.xyz -G$err -I1m $box -V -F fi |
