Bug#496361: The possibility of attack with the help of symlinks in some Debian packages
Thijs Kinkhorst wrote:
> Rene Engelhard wrote:
> > I so far thought mktemp was safe enough? (of course, we get
> > senddoc.mutt.<number>, but...
> mktemp is safe enough. I think Dmitry refers to lines 3 and 4 of that script:
> echo "$@" > /tmp/log.obr.$$
> echo "$#" >> /tmp/log.obr.$$
> which I agree should not be there, probably leftover debug code?
Sigh. Yes, looks like it. (Checked with the 3.0 packages, which don't have
those lines anymore).
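
An added example, not part of the thread or of the package's own code: a shell check that flags redirections into PID-based `/tmp` names such as the two lines quoted above, next to a `mktemp`-based replacement for that logging. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect predictable temp-file names.

# find_predictable_tmp FILE
# Prints "LINENO:LINE" for each line that redirects (> or >>) into a
# /tmp or /var/tmp path built from the shell PID ($$ or ${$}).
find_predictable_tmp() {
    grep -nE '>>?[[:space:]]*"?(/var)?/tmp/[^[:space:]"]*\$(\$|\{\$\})' "$1" || true
}

# log_args_safely ARGS...
# Hardened form of the debug logging: mktemp creates the file atomically
# (O_EXCL), with an unpredictable name and mode 0600, so a pre-planted
# symlink cannot be followed. Prints the log path.
log_args_safely() {
    log=$(mktemp "${TMPDIR:-/tmp}/log.obr.XXXXXXXXXX") || return 1
    printf '%s\n' "$*" > "$log"
    printf '%s\n' "$#" >> "$log"
    printf '%s\n' "$log"
}

# make_sample: writes a constructed sample script and prints its path.
make_sample() {
    f=$(mktemp "${TMPDIR:-/tmp}/sample.XXXXXXXXXX") || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
# constructed sample, modelled on the lines quoted in the thread
echo "$@" > /tmp/log.obr.$$
echo "$#" >> /tmp/log.obr.$$
t=$(mktemp /tmp/senddoc.mutt.XXXXXX)
echo ok > "$t"
EOF
    printf '%s\n' "$f"
}

# Demo: only the two PID-based redirections are reported.
sample=$(make_sample)
find_predictable_tmp "$sample"
rm -f "$sample"
```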