Re: Bug#20241: Timezones should depend on debian-utils

[James Troup <J.J.Troup@scm.brad.ac.uk>]

Manoj Srivastava <srivasta@datasync.com> writes:

> [mkdir /tmp/*$$ || exit 1] suffers from more of a window than my
> method does.  rm -f $TEMPFILE && touch $TEMPFILE is safer than this.

How so?  (OpenBSD uses this method in a lot of it's shell scripts)

Incidentally, there really isn't much excuse for maintainer scripts,
which run as root, to be using /tmp/*$$ since, regardless of
tempfile/mktemp's existence, they can always use a non-world-writable
directory (e.g. /etc) to store their temporary files, this is safer
than any in /tmp solution, because if nothing else it avoids the
possibility (however remote) of DoS, which is the reason the `mkdir
/tmp/*$$ || exit 1' solution is deprecated (according to OpenBSD's
mktemp(1)).

-- 
James


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org