Create temporary files in a secure directory, instead of using multiple

filenames based on a single invocation of mktemp() in /tmp, which is
easily predictable after the first one.

Audited by:     markm

usr.bin/m4/main.c

@@ -82,6 +82,7 @@ FILE *infile[MAXINP];		/* input file stack (0=stdin)  */
 FILE *outfile[MAXOUT];		/* diversion array(0=bitbucket)*/
 FILE *active;			/* active output file pointer  */
 char *m4temp;			/* filename for diversions     */
+char *m4dir;			/* directory for diversions    */
 int ilevel = 0; 		/* input file stack pointer    */
 int oindex = 0; 		/* diversion index..	       */
 char *null = "";                /* as it says.. just a null..  */
@@ -181,7 +182,8 @@ main(argc,argv)
 
 	active = stdout;		/* default active output     */
 					/* filename for diversions   */
-	m4temp = mktemp(xstrdup(_PATH_DIVNAME));
+	m4dir = mkdtemp(xstrdup(_PATH_DIVDIRNAME));
+	(void) asprintf(&m4temp, "%s/%s", m4dir, _PATH_DIVNAME);
 
 	bbase[0] = bufbase;
         if (!argc) {
@@ -225,6 +227,7 @@ main(argc,argv)
 		(void) remove(m4temp);
 #else
 		(void) unlink(m4temp);
+		(void) rmdir(m4dir);
 #endif
 	}
 

usr.bin/m4/pathnames.h

@@ -1,6 +1,3 @@
-/*	$OpenBSD: pathnames.h,v 1.4 1997/04/04 18:41:29 deraadt Exp $	*/
-/*	$NetBSD: pathnames.h,v 1.6 1995/09/29 00:27:55 cgd Exp $	*/
-
 /*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -37,6 +34,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)pathnames.h	8.1 (Berkeley) 6/6/93
+ * $FreeBSD$
  */
 
 /*
@@ -49,9 +47,10 @@
 #define	UNIQUE		3			/* unique char location */
 #endif
 
-#if defined(unix) || defined(__NetBSD__) || defined(__OpenBSD__)
-#define _PATH_DIVNAME	"/tmp/m4.0XXXXXXXXXX"	/* unix diversion files */
-#define UNIQUE		8			/* unique char location */
+#ifdef unix
+#define _PATH_DIVDIRNAME "/tmp/m4XXXXXX"	/* directory for files  */
+#define _PATH_DIVNAME	"m4.0"			/* unix diversion files */
+#define UNIQUE		17			/* unique char location */
 #endif
 
 #ifdef vms