make system_pty_capture more robust

1 files changed, 13 insertions, 4 deletions

diff --git a/lib/perl5/Local/Interactive.pm b/lib/perl5/Local/Interactive.pm
index 5ad1ea11..0d75fbbe 100644
--- a/lib/perl5/Local/Interactive.pm
+++ b/lib/perl5/Local/Interactive.pm
@@ -19,10 +19,12 @@ use strict;
 use warnings;
 
 use Cwd;
-use File::Temp qw(tempfile);
+use File::Temp qw(tempfile tempdir);
+use File::Path qw(remove_tree);
 use Exporter 'import';
 use Term::ANSIColor;
 use Local::ScriptStatus;
+use Sys::Hostname;
 
 # Quoting perldoc perlmodlib: "As a general rule, if the module is
 # trying to be object oriented then export nothing. If it's just a
@@ -149,14 +151,21 @@ password.
 sub system_pty_capture {
     my ($cmd) = @_;
 
-    # TODO put our PID in this filename to avoid possibility of a race
-    my (undef, $filename) = tempfile("sysptycapXXXXXX", OPEN => 0);
+    # the point of creating a tempdir and then putting a file inside
+    # it is that then we can chmod that dir.  File::Temp apparently
+    # uses secure permissions on files it creates in /tmp, but this
+    # but it is not documented, so let's not rely on it
+    my $dir = tempdir("sysptycap." . hostname() . ".$$.XXXX",
+                      CLEANUP => 1, TMPDIR => 1);
+    chmod 0700, $dir;
+    my (undef, $filename) = tempfile("sysptycap.XXXX",
+                                     OPEN => 0, DIR => $dir);
     system qw(script --quiet --command), $cmd, $filename;
 
     open my $fh, '<', $filename;
     chomp(my @output = <$fh>);
     close $fh;
-    unlink $filename;
+    remove_tree($dir);
 
     $output[$#output] =~ /COMMAND_EXIT_CODE="([0-9]+)"/;
     my $exit = $1;