Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability
Jakob Lell <Jakob.Lell@web.de> writes:
> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. This makes the whole
> script fail if one command fails or pipes anything to an existing file
> (e.g. if the tempfile already exists).
'set -C' only detects already-existing regular files, it does not
prevent you writing your important data to (say) a named pipe with the
right name.
--
http://www.greenend.org.uk/rjk/
Reply to: