Bug#775139: mktexlsr: insecure use of /tmp

To: Jakub Wilk <jwilk@debian.org>, 775139@bugs.debian.org
Subject: Bug#775139: mktexlsr: insecure use of /tmp
From: Norbert Preining <preining@logic.at>
Date: Mon, 12 Jan 2015 22:18:15 +0900
Message-id: <[🔎] 20150112131815.GG18976@auth.logic.tuwien.ac.at>
Reply-to: Norbert Preining <preining@logic.at>, 775139@bugs.debian.org
In-reply-to: <[🔎] 20150111215257.GA3776@jwilk.net>
References: <[🔎] 20150111215257.GA3776@jwilk.net>

> treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
>[...]
> Please use mktemp(1) for creating temporary files.

Is this fine?
--- texlive-bin.orig/texk/kpathsea/mktexlsr
+++ texlive-bin/texk/kpathsea/mktexlsr
@@ -73,7 +73,7 @@
 dry_run=false
 trees=

-treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp"
+treefile=`mktemp -q --tmpdir mktexlsrtrees.XXXXXXXXXX`
 trap 'cd /; rm -f $treefile; test -z "$db_dir_tmp" || rm -rf "$db_dir_tmp";
       exit' 0 1 2 3 7 13 15

?

Should I upload this to unstable now for jhessie?


Norbert

------------------------------------------------------------------------
PREINING, Norbert                               http://www.preining.info
JAIST, Japan                                 TeX Live & Debian Developer
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0  ACF0 6CAC A448 860C DC13
------------------------------------------------------------------------

Reply to:

Follow-Ups:
- Bug#775139: mktexlsr: insecure use of /tmp
  - From: Jakub Wilk <jwilk@debian.org>

References:
- Bug#775139: mktexlsr: insecure use of /tmp
  - From: Jakub Wilk <jwilk@debian.org>

Prev by Date: Bug#775139: mktexlsr: insecure use of /tmp
Next by Date: Bug#775139: mktexlsr: insecure use of /tmp
Previous by thread: Bug#775139: mktexlsr: insecure use of /tmp
Next by thread: Bug#775139: mktexlsr: insecure use of /tmp
Index(es):
- Date
- Thread