Bug#240231: tetex-bin: mktextfm fails to create font

[Florent Rougon <f.rougon@free.fr>]

Frank Küster <frank@debian.org> wrote:

> And here we have one of these braindead pseudo-tempfile names used
> throughout teTeX (probably because the better solutions aren't
> portable?). $$ is substituted by the process ID of the current shell, in
> this case 10901, and this is damn insecure.

I couldn't agree more...

> So far for the ranting. In this case it's even worse because the working
> directory is used to create the file. Root should be able to create
> files there, however - unless you were on a filesystem that is
> read-only. 

There is also the possibility that an option such as bash's noclobber is
in use:

/tmp # bash                                                        root@florent
%~ %# set -o noclobber
%~ %# : > testfile 
%~ %# : > testfile
bash: testfile: cannot overwrite existing file
%~ %# 

-- 
Florent