Don't attempt to read or write ~/.lesshst if it's not a regular file

or a symlink to a regular file. Previously, symlinking to /dev/null
would cause less to trash /dev/null if run with sufficient privileges,
as seen in PR misc/42237.

While the official way to disable .lesshst is to set an environment
variable, that is problematic in some cases, such as single-user mode.
A safer way to prevent even an unpatched less from writing anything
out is to mkdir ~/.lesshst.

usr.bin/less/less/cmdbuf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: cmdbuf.c,v 1.7 2006/10/26 01:33:08 mrg Exp $	*/
+/*	$NetBSD: cmdbuf.c,v 1.8 2009/12/14 03:58:27 dholland Exp $	*/
 
 /*
  * Copyright (C) 1984-2005  Mark Nudelman
@@ -22,6 +22,9 @@
 #if HAVE_STAT
 #include <sys/stat.h>
 #endif
+#if HAVE_ERRNO_H
+#include <errno.h>
+#endif
 
 extern int sc_width;
 extern int utf_mode;
@@ -1362,10 +1365,20 @@ init_cmdhist()
 	char *filename;
 	FILE *f;
 	char *p;
+#ifdef HAVE_STAT
+	struct stat st;
+#endif
 
 	filename = histfile_name();
 	if (filename == NULL)
 		return;
+#ifdef HAVE_STAT
+	/* ignore devices/fifos; allow symlinks */
+	if (stat(filename, &st) < 0)
+		return;
+	if (!S_ISREG(st.st_mode))
+		return;
+#endif
 	f = fopen(filename, "r");
 	free(filename);
 	if (f == NULL)
@@ -1442,10 +1455,22 @@ save_cmdhist()
 #if CMD_HISTORY
 	char *filename;
 	FILE *f;
+#ifdef HAVE_STAT
+	struct stat st;
+#endif
 
 	filename = histfile_name();
 	if (filename == NULL)
 		return;
+#ifdef HAVE_STAT
+	/* ignore devices/fifos; allow symlinks */
+	if (stat(filename, &st) < 0) {
+		if (errno != ENOENT)
+			return;
+	}
+	else if (!S_ISREG(st.st_mode))
+		return;
+#endif
 	f = fopen(filename, "w");
 	free(filename);
 	if (f == NULL)