Diffstat (limited to 'util/libreboot-utils/mkhtemp.c')
| -rw-r--r-- | util/libreboot-utils/mkhtemp.c | 54 |
1 files changed, 36 insertions, 18 deletions
diff --git a/util/libreboot-utils/mkhtemp.c b/util/libreboot-utils/mkhtemp.c
index 4408f763..261227cb 100644
--- a/util/libreboot-utils/mkhtemp.c
+++ b/util/libreboot-utils/mkhtemp.c
@@ -10,6 +10,10 @@ * generally provides much higher strictness than previous * implementations such as mktemp, mkstemp or even mkdtemp. * + * It uses several modern features by default, e.g. openat2 + * and O_TMPFILE on Linux, with additional hardening; BSD + * projects only have openat so the code uses that there. + * * Many programs rely on mktemp, and they use TMPDIR in a way * that is quite insecure. Mkhtemp intends to change that, * quite dramatically, with: userspace sandbox (and use OS
@@ -87,9 +91,10 @@ main(int argc, char *argv[]) int fd = -1; int type = MKHTEMP_FILE; + int stfu = 0; /* -q option */ if (lbgetprogname(argv[0]) == NULL) - err_no_cleanup(errno, "could not set progname"); + err_no_cleanup(stfu, errno, "could not set progname"); /* https://man.openbsd.org/pledge.2 */ #if defined(__OpenBSD__) && defined(OpenBSD)
@@ -100,7 +105,7 @@ main(int argc, char *argv[]) #endif while ((c = - getopt(argc, argv, "dp:")) != -1) { + getopt(argc, argv, "qdp:")) != -1) { switch (c) { case 'd':
@@ -111,6 +116,11 @@ main(int argc, char *argv[]) tmpdir = optarg; break; + case 'q': /* don't print errors */ + /* (exit status unchanged) */ + stfu = 1; + break; + default: goto err_usage; }
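Review bot: The new `case 'q'` only sets `stfu`, so it quiets `err_no_cleanup` but not getopt(3) itself, which prints its own diagnostic for an unknown option or a missing `-p` argument unless `opterr` is cleared. If `-q` is meant to guarantee a silent stderr, the case should read `stfu = 1; opterr = 0; break;`. Either way it only takes effect for options parsed after `-q`. The usage string at `err_usage` in the later hunk still reads `[-d] [-p dir] [template]` and should gain `[-q]`. With error text suppressed the exit status is the only failure signal, so I would widen the comment to `/* -q: suppress error text; callers must check the exit status */`. This also covers the `"qdp:"` optstring hunk; main() starts and ends outside these hunks.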
@@ -119,21 +129,20 @@ main(int argc, char *argv[]) if (optind < argc) template = argv[optind]; if (optind + 1 < argc) - err_no_cleanup(EINVAL, - "usage: mkhtemp [-d] [-p dir] [template]\n"); + goto err_usage; /* custom template e.g. foo.XXXXXXXXXXXXXXXXXXXXX */ if (template != NULL) { if (slen(template, maxlen, &tlen) < 0) - err_no_cleanup(EINVAL, + err_no_cleanup(stfu, EINVAL, "invalid template"); for (p = template + tlen; p > template && *--p == 'X'; xc++); - if (xc < 6) - err_no_cleanup(EINVAL, - "template must end in at least 6 X"); + if (xc < 3) /* the gnu mktemp errs on less than 3 */ + err_no_cleanup(stfu, EINVAL, + "template must have 3 X or more on end (12+ advised"); } /* user supplied -p PATH - WARNING:
@@ -146,38 +155,35 @@ main(int argc, char *argv[]) if (tmpdir != NULL) { rp = realpath(tmpdir, resolved); if (rp == NULL) - err_no_cleanup(errno, - "%s", tmpdir); + err_no_cleanup(stfu, errno, "%s", tmpdir); tmpdir = resolved; } if (new_tmp_common(&fd, &s, type, tmpdir, template) < 0) - err_no_cleanup(errno, "%s", s); + err_no_cleanup(stfu, errno, "%s", s); #if defined(__OpenBSD__) && defined(OpenBSD) #if (OpenBSD) >= 509 if (pledge("stdio", NULL) == -1) - err_no_cleanup(errno, "pledge, exit"); + err_no_cleanup(stfu, errno, "pledge, exit"); #endif #endif if (s == NULL) - err_no_cleanup(EFAULT, "bad string initialisation"); - + err_no_cleanup(stfu, EFAULT, "bad string initialisation"); if (*s == '\0') - err_no_cleanup(EFAULT, "empty string initialisation"); - + err_no_cleanup(stfu, EFAULT, "empty string initialisation"); if (slen(s, maxlen, &len) < 0) - err_no_cleanup(EFAULT, "unterminated string initialisation"); + err_no_cleanup(stfu, EFAULT, "unterminated string initialisiert"); printf("%s\n", s); return EXIT_SUCCESS; err_usage: - err_no_cleanup(EINVAL, + err_no_cleanup(stfu, EINVAL, "usage: %s [-d] [-p dir] [template]\n", getnvmprogname()); }/*
@@ -191,3 +197,15 @@ err_usage: */ + + + + + + + + + + + + |
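Review bot: Lowering the floor from `xc < 6` to `xc < 3` lets a caller-supplied template carry as few as three random characters, which sharply shrinks the candidate-name space for a tool whose header describes it as stricter than mktemp/mkstemp. Collisions in a shared directory are only harmless if `new_tmp_common` creates exclusively and bounds its retries; that code is outside this diff, so please confirm it. Consider keeping 6 as the default and offering the GNU-compatible 3 behind an explicit option. The new message is also missing its closing parenthesis and should read `"template must have 3 X or more on end (12+ advised)"`. main() continues outside the hunk.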
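Review bot: `err_no_cleanup(stfu, errno, "%s", s);` runs on the failure path of `new_tmp_common`, before the `if (s == NULL)` check a few lines below, so a failure that leaves `s` unset would pass a null pointer to `%s`, which is undefined behaviour. `s` is declared outside the hunk, so this is inferred; if it can be NULL at that point, use `err_no_cleanup(stfu, errno, "%s", s != NULL ? s : "(no path)");`. The rewritten message `"unterminated string initialisiert"` looks like a slip for `"unterminated string initialisation"`, the wording the two sibling messages keep.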
