1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From: Alexander Gerasiov <gq@debian.org>
Subject: Use more secure tempfile creation
Upstream uses buggy-way to create temp files. It is vulnerable to several
attack technics. But he likes it, because of portablity.
As we have mktemp(1) here in Debian, we will use it.
Forwarded: not-needed
--- a/lib/runtime
+++ b/lib/runtime
@@ -163,15 +163,10 @@
mktempf () {
# Avoid creating two temporary files (must have been released before)
[ -n "$_TMPFILE" ] && end_die "Error allocating temporary file $_TMPFILE"
- # Name temp file
- _TMPFILE="$TMPDIR/$(basename $0).$(date '+%Y%m%d-%H%M%S').$$.$(head -c4 /dev/random | od -t u4 | head -n 1 | awk '{print $2}')"
+ # Create temp file
+ _TMPFILE="$(mktemp -p $TMPDIR "$(basename "$0").$(date '+%Y%m%d-%H%M%S').XXXXXX")"
# Catch CTRL-C to remove $_TMPFILE
trap 'rm -f "$_TMPFILE" 2>/dev/null ; end_die "Interrupted - Removing temporary file $_TMPFILE"' 2
- # Create temp file
- _TMPMASK=$(umask)
- umask 0077
- touch "$_TMPFILE" 2>/dev/null || end_die "Error creating temporary file $_TMPFILE"
- umask "$_TMPMASK"
}
# Releases a previously allocated temporary file
|
