The mktokens script fails when /tmp isn't writable (e.g., when building in a sandbox with a different TMPDIR). Replace absolute references to /tmp to relative references to TMPDIR. If TMPDIR is unset or null, default to /tmp. The mkbuiltins script was already hardened to work relative to TMPDIR, also defaulting to /tmp. v2 ensures that TMPDIR is quoted. v3 adds an extra quotation that prevents extra pathname expansions. Signed-off-by: Michael Greenberg <michael.greenberg@xxxxxxxxxx> diff --git a/src/mktokens b/src/mktokens index cd52241..3ab7bc5 100644 --- a/src/mktokens +++ b/src/mktokens @@ -37,7 +37,9 @@ # token marks the end of a list. The third column is the name to print in # error messages. -cat > /tmp/ka$$ <<\! +: "${TMPDIR:=/tmp}" + +cat > "${TMPDIR}"/ka$$ <<\! TEOF 1 end of file TNL 0 newline TSEMI 0 ";" @@ -68,28 +70,28 @@ TWHILE 0 "while" TBEGIN 0 "{" TEND 1 "}" ! -nl=`wc -l /tmp/ka$$` +nl=`wc -l "${TMPDIR}"/ka$$` exec > token.h -awk '{print "#define " $1 " " NR-1}' /tmp/ka$$ +awk '{print "#define " $1 " " NR-1}' "${TMPDIR}"/ka$$ exec > token_vars.h echo ' /* Array indicating which tokens mark the end of a list */ static const char tokendlist[] = {' -awk '{print "\t" $2 ","}' /tmp/ka$$ +awk '{print "\t" $2 ","}' "${TMPDIR}"/ka$$ echo '}; static const char *const tokname[] = {' sed -e 's/"/\\"/g' \ -e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \ - /tmp/ka$$ + "${TMPDIR}"/ka$$ echo '}; ' -sed 's/"//g' /tmp/ka$$ | awk ' +sed 's/"//g' "${TMPDIR}"/ka$$ | awk ' /TNOT/{print "#define KWDOFFSET " NR-1; print ""; print "static const char *const parsekwd[] = {"} /TNOT/,/neverfound/{if (last) print " \"" last "\","; last = $3} END{print " \"" last "\"\n};"}' -rm /tmp/ka$$ +rm "${TMPDIR}"/ka$$
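Review bot: The temporary file is still named from the process ID alone (`"${TMPDIR}"/ka$$`), so in a shared, world-writable directory such as the `/tmp` default its path is predictable, and `cat >` will follow a symlink or reuse a file that another local user placed there first. Since this commit already touches every reference, consider creating the file atomically with `tmp=$(mktemp "${TMPDIR}/ka.XXXXXX") || exit 1` followed by `cat > "$tmp" <<\!`, and using `"$tmp"` in the second hunk's `wc`, `awk`, `sed` and `rm` lines. Where `mktemp` cannot be assumed, a fallback is needed, for instance enabling `set -C` around the redirection so that it fails when the path already exists. A short comment beside `: "${TMPDIR:=/tmp}"` saying that the `:=` form also assigns TMPDIR for the rest of the script would help readers who do not know that expansion.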
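Review bot: The only cleanup in the second hunk is the final `rm "${TMPDIR}"/ka$$`, so the temporary file is left behind if the script is interrupted or stops before reaching that line. A `trap 'rm -f "${TMPDIR}"/ka$$' EXIT` set before the here-document is written would cover those paths, and `rm -f` on the last line avoids an error exit when the file is already gone. The start of the script lies outside both hunks, so whether a trap or `set -e` is already in place cannot be seen from here.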