&2 while true; do echo "0 " done } filenames=""
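A few days back I noticed that the /usr/bin/asciiview script from the aalib-1.4.0-275 package in SUSE-9.1 used insecure temp file creation. The exploit is trivial and allows an attacker to cause a victim to overwrite any of the victim's files. The project over at Sourceforge (http://aa-project.sourceforge.net) appears to be dead, having had no update for 3 years. Emails to the two maintainers (at least the email addresses found in the SUSE RPM information) came bouncing back. So I thought I'd fix the bug myself... :) Since the script is small, I can post it here - see below. Perhaps someone with a bit more experience at this sort of thing can have a look at it to see if I've done it properly? If my fix checks out I'll post it on the Sourceforge project page, although whether anything good will actually become of it is anyone's guess...

#!/bin/bash
# asciiview - an ascii art image browser script. Front end for aview/aaflip
#
# Temp-file handling:
#  - A PID-named directory (aview_$$) created with mkdir under umask 077
#    already refuses to reuse an existing path, which closes the
#    overwrite-through-a-planted-file problem. The name is still guessable,
#    so another local user can pre-create it and stop the script from
#    starting. mktemp -d removes that: the name is unpredictable and the
#    directory is created for the owner only.
#  - The FIFO is created inside that private directory with mode 0600.
#  - The cleanup trap is installed only after the directory exists, so it
#    never removes a path this script did not create.
#  - Options and file names are kept in arrays and every expansion is
#    quoted, so names with spaces or glob characters reach the tools intact.

TDIR=""
FIFO=""
conv_pid=""

# Stop a still-running converter job, then remove the FIFO and its directory.
# Does nothing to the filesystem unless TDIR was set by a successful mktemp.
cleanup() {
  [[ -n "$conv_pid" ]] && kill "$conv_pid" 2>/dev/null
  [[ -n "$TDIR" ]] || return 0
  rm -f -- "$FIFO" 2>/dev/null
  rmdir -- "$TDIR" 2>/dev/null
}

# Convert image $1 to PNM, trying anytopnm first and ImageMagick second.
# Intended to be run as a background job with stdout attached to the FIFO;
# the "exit" calls therefore end that background subshell only.
myconvert() {
  if anytopnm "$1" >"$FIFO" 2>/dev/null; then
    exit
  elif convert -colorspace gray "$1" pgm:- 2>/dev/null; then
    exit
  fi
  echo "Failed to convert file format to PNM by both convert and anytopnm" >&2
  # Keep feeding the reader after a failed conversion; presumably this stops
  # aview from blocking on an empty FIFO. The caller kills this job once
  # aview returns.
  while true; do
    echo "0 "
  done
}

if [[ -z "${1-}" ]]; then
  echo "$0 - an ascii art image/animation browser.

To run this script you need aview, aaflip and NetPBM or ImageMagick.
You may browse any graphics format supported by NetPBM or ImageMagick
and .fli/.flc files.

Usage:
 $0 [options] [filenames]

type aview --help [enter] for list of options.
"
  exit 1
fi

options=()
filenames=()
while (( $# > 0 )); do
  case "$1" in
    -font | -driver | -kbddriver | -mousedriver | -*width | -*height | \
    -bright | -contrast | -gamma | -random | -dimmul | -boldmul)
      # Options that carry a value. The width/height patterns are left
      # unquoted so they act as globs; quoted, they would only match the
      # literal strings "-*width" and "-*height".
      if (( $# >= 2 )); then
        options+=("$1" "$2")
        shift 2
      else
        # Value missing: pass the option alone and let aview report it.
        options+=("$1")
        shift
      fi
      ;;
    -*)
      options+=("$1")
      shift
      ;;
    *)
      filenames+=("$1")
      shift
      ;;
  esac
done

TDIR=$(mktemp -d "${TMPDIR:-/tmp}/aview.XXXXXXXXXX") || {
  echo "Unable to create temp directory in ${TMPDIR:-/tmp}" >&2
  exit 1
}
trap cleanup EXIT

FIFO=$TDIR/aview$$.pgm
mkfifo -m 600 -- "$FIFO" || {
  echo "Unable to create FIFO $FIFO" >&2
  exit 1
}

# NOTE(review): the PATH="$PATH:." prefixes below are kept for compatibility.
# They let aview/aaflip be found in the current directory when they are not
# installed elsewhere on PATH; in a directory other users can write to, that
# means a planted binary could be run. Consider dropping the ":." suffix.
for name in "${filenames[@]}"; do
  if [[ -r "$name" ]]; then
    case "$name" in
      # *.flc matches the extension named in the usage text; *.lfc is kept
      # so existing invocations behave as before.
      *.fli | *.flc | *.lfc | *.flic)
        PATH="$PATH:." aaflip "${options[@]}" "$name"
        ;;
      *)
        myconvert "$name" >"$FIFO" &
        conv_pid=$!
        PATH="$PATH:." aview "${options[@]}" "$FIFO"
        kill "$conv_pid" 2>/dev/null
        conv_pid=""
        ;;
    esac
  else
    echo "$name could not be opened"
  fi
done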