Re: CVE-2008-5378: possible symlink attacks
On Tue, 30 Dec 2008, Thomas Viehmann wrote:
The last six characters of template must be "XXXXXX" and these
are replaced with a string that makes the filename
unique. Since it will be modified, template must not be a
string constant, but should be declared as a character array.
so you have the name readily available.
Hmm, stupid me - my patch is just wrong. It makes no sense to
start reading a file which is created using mktemp - by definition
it does not exist. SOrry for the confusion - I just have to
search the filesystem at this piece of code for the previousely
created file (or keep a variable with the name).
Don't know, causing people to accidentally kill their processes seems
nasty to me, but it might not be that critical.
Considering the practical use I do not think that this application
is a frequently used way to do this harm to people.