From 69c9eb550cdd97fcf480c0185788b364a15c0fdb Mon Sep 17 00:00:00 2001
From: Gerhard Rieger <gerhard@dest-unreach.org>
Date: Fri, 24 Jan 2025 15:54:27 +0100
Subject: [PATCH] Further improved readline.sh STDERR handling

---
 CHANGES     |  6 ++++++
 readline.sh | 22 ++++++++++++++++------
 test.sh     |  5 +++--
 3 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index 3b654aa..8e9467f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
 
+Security:
+	readline.sh has new option -lf <logfile> for stderr. If this option is
+	not given it logs to a file in . (cwd) only when it is not writable by
+	other users.
+
 ####################### V 1.8.0.2:
 
 Security:
@@ -1410,6 +1415,7 @@ security:
 
 	Socat security advisory 7
 	MSVR-1499
+	CVE-2016-2217
 	In the OpenSSL address implementation the hard coded 1024 bit DH p
 	parameter was not prime. The effective cryptographic strength of a key
 	exchange using these parameters was weaker than the one one could get by
diff --git a/readline.sh b/readline.sh
index 1045303..2f08c04 100755
--- a/readline.sh
+++ b/readline.sh
@@ -4,15 +4,19 @@
 # Published under the GNU General Public License V.2, see file COPYING
 
 # this is an attempt for a socat based readline wrapper
-# usage: readline.sh <command>
+# usage: readline.sh [options] <program>
 
 withhistfile=1
 
+STDERR=
 while true; do
     case "X$1" in
-    X-nh|X-nohist*) withhistfile=; shift; continue ;;
-    *) break;;
+	X-lf?*) STDERR="${1:3}" ;;
+	X-lf) shift; STDERR="$1" ;;
+	X-nh|X-nohist*) withhistfile= ;;
+	*) break;;
     esac
+    shift
 done
 
 PROGRAM="$@"
@@ -25,12 +29,18 @@ fi
 #
 #
 
-if test -w .; then
+#if test -w .; then
+if [ -z "$STDERR" ] && find . -maxdepth 0 -user $USER ! -perm /022 -print |grep ^ >/dev/null; then
+    # When cwd is owned by $USER and it is neither group nor world writable
     STDERR=./socat-readline.${1##*/}.log
     rm -f $STDERR
-else
+    echo "$0: logs go to $STDERR" >&2
+elif [ -z "$STDERR" ]; then
+    echo "$0: insecure working directory, no logs are written" >&2
     STDERR=/dev/null
+else
+    echo "$0: logs go to $STDERR" >&2
 fi
 
-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+exec socat -d READLINE"$HISTOPT",noecho='[Pp]assword:' EXEC:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
 
diff --git a/test.sh b/test.sh
index 5204ac7..55abd17 100755
--- a/test.sh
+++ b/test.sh
@@ -4925,8 +4925,9 @@ te="$td/test$N.stderr"
 tr="$td/test$N.ref"
 tdiff="$td/test$N.diff"
 da="test$N $(date) $RANDOM"; da="$da$($ECHO '\r')"
-# the feature that we really want to test is in the readline.sh script:
-CMD="$TRACE $SOCAT -lpwrapper $opts -t1 open:$tpi,nonblock!!open:$tpo exec:\"./readline.sh -nh ./readline-test.sh\",pty,ctty,setsid,raw,echo=0,isig"
+# the feature that we really want to test is in the readline.sh script
+READLINE_LOG=; if grep -e -lf ./readline.sh >/dev/null; then READLINE_LOG="-lf $td/test$N.rl-log"; fi
+CMD="$TRACE $SOCAT -lpwrapper $opts -t1 open:$tpi,nonblock!!open:$tpo exec:\"./readline.sh -nh $READLINE_LOG ./readline-test.sh\",pty,ctty,setsid,raw,echo=0,isig"
 #echo "$CMD" >"$ts"
 #chmod a+x "$ts"
 printf "test $F_n $TEST... " $N