mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 03:27:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Favor $HOME directory over /tmp

Browse source 
This should strike a better compromise that keeps people happy about the
security of APE when it extracts the loader. This way systems with users
who aren't trusted (e.g. CPanel) won't be at any risk of compromise when
there isn't an `ape` loader on the system `$PATH`.

This change also bumps redbean up to 2.0.3
This commit is contained in:
Justine Tunney 2022-06-17 07:51:26 -07:00
parent 5e04827949
commit 52ed099fe6
2 changed files with 6 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
ape/ape.S
View file

@ -551,7 +551,7 @@ apesh: .ascii "'\n#'\"\n" # sixth edition shebang
// extract the loader into a temp folder, and use it to // extract the loader into a temp folder, and use it to
// load the APE without modifying it. // load the APE without modifying it.
.ascii "[ x\"$1\" != x--assimilate ] && {\n" .ascii "[ x\"$1\" != x--assimilate ] && {\n"
.ascii "t=\"${TMPDIR:-/tmp}/ape\"\n" .ascii "t=\"${TMPDIR:-${HOME:-.}}/.ape\"\n"
.ascii "[ -x \"$t\" ] || {\n" .ascii "[ -x \"$t\" ] || {\n"
.ascii "mkdir -p \"${t%/*}\" &&\n" .ascii "mkdir -p \"${t%/*}\" &&\n"
.ascii "dd if=\"$o\" of=\"$t.$$\" skip=\"" .ascii "dd if=\"$o\" of=\"$t.$$\" skip=\""
@ -580,20 +580,10 @@ apesh: .ascii "'\n#'\"\n" # sixth edition shebang
// We prefer this because it's a tiny constant one time cost. // We prefer this because it's a tiny constant one time cost.
// We simply printf a 64-byte header and call execve() again. // We simply printf a 64-byte header and call execve() again.
#else #else
// The alternative behavior is to copy to $TMPDIR and edit. // The alternative behavior is to copy to $TMPDIR or $HOME or
// This imposes a variety of caveats of its own that should // the current directory. We like TMPDIR because it's part of
// be considered by the user beforehand, such as whether or // the IEEE POSIX standard whereas alternatives (XDG) aren't.
// not /tmp is considered trustworthy on a given system, or .ascii "t=\"${TMPDIR:-${HOME:-.}}/$0\"\n"
// if the administrator chose to mount it with noexec. It's
// up to the user to decide what's best in those situations
// and also note that argv[0] and getauxval(AT_EXECFN) will
// change as a result of this, and lastly note we don't try
// to cleanup the tmp copies for the sake of efficiency. It
// should also be noted that if $0 has directory components
// then permission clashes can happen between system users,
// since only root is able to set the sticky bit, which can
// be addressed simply by overriding the TMPDIR environment
.ascii "t=\"${TMPDIR:-/tmp}/$0\"\n"
.ascii "[ x\"$1\" != x--assimilate ] || [ ! -e \"$t\" ] && {\n" .ascii "[ x\"$1\" != x--assimilate ] || [ ! -e \"$t\" ] && {\n"
.ascii "[ x\"$1\" != x--assimilate ] && {\n" .ascii "[ x\"$1\" != x--assimilate ] && {\n"
.ascii "mkdir -p \"${t%/*}\" 2>/dev/null\n" .ascii "mkdir -p \"${t%/*}\" 2>/dev/null\n"

2
tool/net/redbean.c
View file

@ -138,7 +138,7 @@ STATIC_YOINK("zip_uri_support");
#define REDBEAN "redbean" #define REDBEAN "redbean"
#endif #endif
#define VERSION 0x020002 #define VERSION 0x020003
#define HEARTBEAT 5000 /*ms*/ #define HEARTBEAT 5000 /*ms*/
#define HASH_LOAD_FACTOR /* 1. / */ 4 #define HASH_LOAD_FACTOR /* 1. / */ 4
#define MONITOR_MICROS 150000 #define MONITOR_MICROS 150000