Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

To: debian-devel@lists.debian.org
Subject: Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
From: Santiago Vila <sanvila@unex.es>
Date: Fri, 5 Sep 2003 00:50:01 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.56.0309050047130.12227@home.unex.es>
In-reply-to: <[🔎] pan.2003.09.04.21.07.04.662932@web.de>
References: <[🔎] pan.2003.09.04.21.07.04.662932@web.de>

Jakob Lell wrote:

> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. [...]

Debian already has a general fix for that. It's called tempfile and
it's in package debianutils, which is essential.

> [...]
> Is it a good idea to report bugs against all packages containing this
> local DOS vulnerability?

Yes, but please follow our common guidelines for reporting bugs.
If you plan to submit many of them, ask here before you start.

Reply to:

Follow-Ups:
- Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Keegan Quinn <ice@wasteland.respond2.com>
- Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>

References:
- many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
  - From: Jakob Lell <Jakob.Lell@web.de>

Prev by Date: Re: SAL
Next by Date: [no subject]
Previous by thread: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
Next by thread: Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
Index(es):
- Date
- Thread