Description: Don't use predictable names for temporary files
 This allows an attacker on a multi-user system to set up symlinks to
 overwrite any file the current user has write access to.
 .
 Don't recommend users of this module to use predictable names either.
Origin: backport, https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1267962
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2015-11-26
Applied-Upstream: 1.6

---
 lib/IPTables/Parse.pm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

--- a/lib/IPTables/Parse.pm
+++ b/lib/IPTables/Parse.pm
@@ -17,6 +17,7 @@ package IPTables::Parse;
 use 5.006;
 use POSIX ":sys_wait_h";
 use Carp;
+use File::Temp;
 use strict;
 use warnings;
 use vars qw($VERSION);
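Review bot: `use File::Temp;` with no import list brings in only the module's default exports (`tempfile`, `tempdir`, `tmpnam`, `tmpfile`), and `mktemp` is only in the optional export list. Unless the file defines its own `mktemp` outside the visible hunks, the `mktemp(...)` calls added in `new()` will die with an undefined-subroutine error whenever `iptout` or `ipterr` is not supplied. Name the import explicitly: `use File::Temp qw(mktemp);`.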
@@ -29,8 +30,8 @@ sub new() {
 
     my $self = {
         _iptables => $args{'iptables'} || $args{'ip6tables'} || '/sbin/iptables',
-        _iptout    => $args{'iptout'}    || '/tmp/ipt.out',
-        _ipterr    => $args{'ipterr'}    || '/tmp/ipt.err',
+        _iptout    => $args{'iptout'}    || mktemp('/tmp/ipt.out.XXXXXX'),
+        _ipterr    => $args{'ipterr'}    || mktemp('/tmp/ipt.err.XXXXXX'),
         _ipt_alarm => $args{'ipt_alarm'} || 30,
         _debug     => $args{'debug'}     || 0,
         _verbose   => $args{'verbose'}   || 0,
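Review bot: `mktemp()` on the two added lines only returns a currently unused name and does not create the file, so a window remains between `new()` and whatever later opens the path in `/tmp`. File::Temp documents `mktemp` as giving no guarantee that someone else will not open the file first. The code that writes to `_iptout`/`_ipterr` is outside this hunk, so whether that later open is exclusive cannot be confirmed here. Creating the file atomically at this point closes the window, e.g. `_iptout => $args{'iptout'} || (tempfile('ipt.out.XXXXXX', TMPDIR => 1))[1],` and likewise for `_ipterr`; `tempfile` is already a default export. A comment noting that caller-supplied `iptout`/`ipterr` paths are used verbatim, and so should not point into a world-writable directory, would also help.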
@@ -701,8 +702,6 @@ IPTables::Parse - Perl extension for par
 
   my %opts = (
       'iptables' => $ipt_bin,
-      'iptout'   => '/tmp/iptables.out',
-      'ipterr'   => '/tmp/iptables.err',
       'debug'    => 0,
       'verbose'  => 0
   );
