Most temp file directories need to be hardened against execution, but
libffi needs execute privileges. Add a libffi-specific temp directory
that can be set up by sysadmins as needed with suitable permissions.
This both ensures that libffi will have a valid temp directory to use
as well as preventing attempts to access other directories.
diff -rup a/src/closures.c b/src/closures.c
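--- a/src/closures.c 2014-05-11 09:54:19.000000000 -0400
+++ b/src/closures.c 2020-04-29 20:50:00.454853909 -0400
@@ -362,6 +362,7 @@ static struct
 const char *arg;
 int repeat;
 } open_temp_exec_file_opts[] = {
+ { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
 { open_temp_exec_file_env, "TMPDIR", 0 },
 { open_temp_exec_file_dir, "/tmp", 0 },
 { open_temp_exec_file_dir, "/var/tmp", 0 },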
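Review bot: The new `LIBFFI_TMPDIR` entry is only prepended to `open_temp_exec_file_opts[]`, so the `TMPDIR`, `/tmp` and `/var/tmp` entries after it stay in the table and are presumably still tried whenever the variable is unset or its directory cannot be used. The entry has no comment explaining its purpose or its position; I would add one above it, e.g. `/* LIBFFI_TMPDIR: admin-provisioned directory that permits exec mappings; tried first, later entries remain as fallbacks */`. The body of `open_temp_exec_file_env` is outside this hunk; if it reads the variable with plain `getenv`, it is worth confirming whether setuid/setgid processes should honour it, since the value decides where a writable and executable file gets created. The table itself starts before and continues past the hunk.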