Bug#521107: #521107: unsafe /tmp usage in xfs (yes, I know that you orphan it)
On Tue, Oct 20, 2009 at 16:41:16 -0300, Luciano Bello wrote:
> El Mar 20 Oct 2009, Julien Cristau escribió:
> > this is completely broken, you're missing $() around the mktemp
> > invocation, you're never using SOCKET_DIR_TMP, your mktemp call has
> > only 2 X's, and you're not removing the existing $SOCKET_DIR. So, what
> > exactly are you trying to fix?
>
> Sorry.
> - mv $SOCKET_DIR $SOCKET_DIR.$$
> + $SOCKET_DIR_TMP=$(mktemp -d $SOCKET_DIR.XXXXX)
> + mv $SOCKET_DIR/* $SOCKET_DIR_TMP/
>
> and I badcopied the bug number (is #521107)
>
> The point is fix the Insecure Temporary File Creation Vulnerability.
>
It's still not clear to me what you think the above would fix.
Cheers,
Julien
Reply to: