Bug#240231: tetex-bin: mktextfm fails to create font
Frank Küster <frank@debian.org> wrote:
> And here we have one of these braindead pseudo-tempfile names used
> throughout teTeX (probably because the better solutions aren't
> portable?). $$ is substituted by the process ID of the current shell, in
> this case 10901, and this is damn insecure.
I couldn't agree more...
> So far for the ranting. In this case it's even worse because the working
> directory is used to create the file. Root should be able to create
> files there, however - unless you were on a filesystem that is
> read-only.
There is also the possibility that an option such as bash's noclobber is
in use:
/tmp # bash root@florent
%~ %# set -o noclobber
%~ %# : > testfile
%~ %# : > testfile
bash: testfile: cannot overwrite existing file
%~ %#
--
Florent
Reply to: