diff options
author | Victor Lowther <victor.lowther@gmail.com> | 2008-05-27 18:37:34 -0500 |
---|---|---|
committer | Victor Lowther <victor.lowther@gmail.com> | 2008-05-27 18:37:34 -0500 |
commit | 361e8a769a808f5f329f80f24f67d5d144f334b6 (patch) | |
tree | 06f7035b418dce95055c8ad26d2b2b05fd384c90 /pm/functions.in | |
parent | 605e67234f5b9690feacc3431ed227db637df18a (diff) |
Save all parameters into a file instead of one file per param.
This closes a security hole noticed by mbiebl.
Diffstat (limited to 'pm/functions.in')
-rw-r--r-- | pm/functions.in | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/pm/functions.in b/pm/functions.in index e4dd63f..073d79a 100644 --- a/pm/functions.in +++ b/pm/functions.in @@ -190,34 +190,30 @@ restorestate() } # If we were told by the user to ignore some parameters from HAL. -# remove them from our list. This implementation is rather stupid. +# remove parameters from our list remove_parameters() { - local x y + local p if [ "$1" = "all" ]; then - for p in "${STORAGEDIR}/parm:"*; do - [ -O "$p" ] && rm -f "$p"; - done + echo '' > "$NEW_PARAMETERS" else + [ -f "$PARAMETERS.rm" ] && rm "$PARAMETERS.rm" for p in "$@"; do - [ -O "${STORAGEDIR}/parm:$p" ] && \ - rm "${STORAGEDIR}/parm:$p" + echo "$p" >> "$PARAMETERS.rm" done + # let grep do the dirty work. + grep -vxFf "$PARAMETERS.rm" "$PARAMETERS" > "$NEW_PARAMETERS" fi - touch "${STORAGEDIR}/new-parm" } # Add a parameter to our commandline parameters. add_parameters() { + remove_parameters "$@" # no dups, please. for x in "$@"; do - touch "${STORAGEDIR}/parm:${x}" + echo "$x" >"$NEW_PARAMETERS" done - # update for next hook. - touch "${STORAGEDIR}/new-parm" } # Remove a parameter from our commandline parameters. get_parameters() { - for x in "${STORAGEDIR}/parm:"*; do - [ -O "$x" ] && echo "${x##*:}" - done + cat "$PARAMETERS" } |