Bug#775139: mktexlsr: insecure use of /tmp
> treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
>[...]
> Please use mktemp(1) for creating temporary files.
Is this fine?
--- texlive-bin.orig/texk/kpathsea/mktexlsr
+++ texlive-bin/texk/kpathsea/mktexlsr
@@ -73,7 +73,7 @@
dry_run=false
trees=
-treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
+treefile=`mktemp -q --tmpdir mktexlsrtrees.XXXXXXXXXX`
trap 'cd /; rm -f $treefile; test -z "$db_dir_tmp" || rm -rf "$db_dir_tmp";
exit' 0 1 2 3 7 13 15
?
Should I upload this to unstable now for jhessie?
Norbert
------------------------------------------------------------------------
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
------------------------------------------------------------------------
Reply to: