rustc: Avoid /tmp/ in graphviz writing #52195
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This issue was reported to [email protected] by Sebastien Marie following our recent [security advisory][1]. Because `/tmp` is typically globally writable it's possible for one user to place symlinks in `/tmp` pointing to files in another user's directories, causing `rustc` to overwrite the contents of innocent files by accident. This patch instead defaults the output path here to the cwd which should avoid this issue. [1]: https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html
|
r? @pnkfelix (rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
|
@bors r+ rollup |
|
📌 Commit bc09fcb has been approved by |
bors
added
S-waiting-on-bors
GuillaumeGomez
added a commit
to GuillaumeGomez/rust
that referenced
this pull request
Jul 10, 2018
rustc: Avoid /tmp/ in graphviz writing This issue was reported to [email protected] by Sebastien Marie following our recent [security advisory][1]. Because `/tmp` is typically globally writable it's possible for one user to place symlinks in `/tmp` pointing to files in another user's directories, causing `rustc` to overwrite the contents of innocent files by accident. This patch instead defaults the output path here to the cwd which should avoid this issue. [1]: https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html
bors
added a commit
that referenced
this pull request
Jul 10, 2018
Rollup of 7 pull requests Successful merges: - #51612 (NLL: fix E0594 "change to mutable ref" suggestion) - #51722 (Updated RELEASES for 1.28.0) - #52064 (Clarifying how the alignment of the struct works) - #52149 (Add #[repr(transparent)] to Atomic* types) - #52151 (Trait impl settings) - #52171 (Correct some codegen stats counter inconsistencies) - #52195 (rustc: Avoid /tmp/ in graphviz writing) Failed merges: - #52164 (use proper footnote syntax for references) r? @ghost
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This issue was reported to [email protected] by Sebastien Marie following
our recent security advisory. Because
/tmpis typically globally writableit's possible for one user to place symlinks in
/tmppointing to files inanother user's directories, causing
rustcto overwrite the contents ofinnocent files by accident.
This patch instead defaults the output path here to the cwd which should avoid
this issue.