Dmitry E. Oboukhov wrote:
> os-prober_1.17 os-prober /tmp/mounted-map (pipe)
> /tmp/raided-map (pipe)
os-prober writes to $OS_PROBER_TMP/{mounted-map.raided-map,etc}, which is created by:
    if [ -z "$OS_PROBER_TMP" ]; then
        if type mktemp >/dev/null 2>&1; then
            export OS_PROBER_TMP="$(mktemp -d /tmp/os-prober.XXXXXX)"
            trap "rm -rf $OS_PROBER_TMP" EXIT HUP INT QUIT TERM
        else
            export OS_PROBER_TMP=/tmp
        fi
    fi
This use of mktemp -d should be secure.
mktemp is a required package, so the insecure code path should only ever run inside
a d-i environment, which has no non-root users.
--
see shy jo
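
The fallback branch quoted above writes fixed file names directly into /tmp when mktemp is missing. As an added example (not os-prober's code and not part of this message), here is one way to keep a private directory on that path too, using mkdir under a restrictive umask; the names safe_tmpdir and FORCE_MKDIR_FALLBACK are hypothetical and exist only for this illustration.

```shell
#!/bin/sh
# Added example, not os-prober code. safe_tmpdir and FORCE_MKDIR_FALLBACK
# are hypothetical names used only for this illustration.
#
# Print the path of a freshly created private directory under $1
# (default /tmp). Usage: OS_PROBER_TMP=$(safe_tmpdir) || exit 1
safe_tmpdir() {
    base=${1:-/tmp}

    # Preferred path: mktemp -d picks an unpredictable name and creates
    # the directory with mode 0700.
    if type mktemp >/dev/null 2>&1 && [ -z "${FORCE_MKDIR_FALLBACK:-}" ]; then
        mktemp -d "$base/os-prober.XXXXXX"
        return
    fi

    # Fallback without mktemp: mkdir is atomic and fails with EEXIST if
    # the name already exists, including as a symlink, so a path planted
    # in advance by another user is skipped rather than reused.
    old_umask=$(umask)
    umask 077
    i=0
    while [ "$i" -lt 100 ]; do
        dir="$base/os-prober.$$.$i"
        if mkdir "$dir" 2>/dev/null; then
            umask "$old_umask"
            printf '%s\n' "$dir"
            return 0
        fi
        i=$((i + 1))
    done

    # Give up instead of falling back to the shared directory itself.
    umask "$old_umask"
    return 1
}
```

The names in the fallback are predictable, but predictability alone does not help another local user here, because the script only proceeds with a directory it created itself.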