[security question] creating tempfiles
Akim, the a2ps author (whom I've added as a CC here) suggested using
# Create the temporary directory with strict rights
(umask 077 && mkdir $tmpdir) || exit 1
in /usr/bin/texi2dvi4a2ps. This should be portable, and not require
tempfile(1) which he can't assume to be present on all systems. [ We
discussed including it with a2ps, but this solution seemed easier.]
Could someone kindly try to poke a hole into this? As the temp. directory is
created with a strict mask in an atomic operation, we should be fine. Yes?
No? I'd be thankful for all comments.
Please CC me when replying, I am currently not on this list due to the large
traffic volume.
Cheers, Dirk
--
If the current stylistic distinctions between open-source and commercial
software persist, an open-software revolution could lead to yet another
divide between haves and have-nots: those with the skills and connections
to make use of free software, and those who must pay high prices for
increasingly dated commercial offerings. -- Scientific American
Reply to: