[Debian-med-packaging] r5886 - trunk/packages/dicomscope/trunk/debian

Andreas Tille andreas at an3as.eu
Fri Feb 4 11:37:12 UTC 2011


On Fri, Feb 04, 2011 at 11:03:42AM +0000, Mathieu Malaterre wrote:
> Change ISO to UTF-8
> 
> Added: trunk/packages/dicomscope/trunk/debian/iconv-inplace.sh
> ===================================================================
> --- trunk/packages/dicomscope/trunk/debian/iconv-inplace.sh	                        (rev 0)
> +++ trunk/packages/dicomscope/trunk/debian/iconv-inplace.sh	2011-02-04 11:03:40 UTC (rev 5886)
> @@ -0,0 +1,5 @@
> +#!/bin/sh
> +#find $(DEBIAN_SRC_DIR) -name *.java -exec iconv -f ISO-IR-197 -t UTF-8 {} \;
> +in=$1
> +iconv --from-code=ISO-IR-197 --to-code=UTF-8 $in > /tmp/dummy.utf8;
> +mv /tmp/dummy.utf8 $in;
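
Review bot: in the last two added lines, `mv /tmp/dummy.utf8 $in` runs even when `iconv` exits with an error, so a failed conversion replaces the source file with an empty or partial one; join the two commands with `&&` or add `set -e` at the top. `$in` is also unquoted in both lines, so a path containing spaces or glob characters gets split, and the fixed name `/tmp/dummy.utf8` means two concurrent runs overwrite each other's output.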

I wonder if you are aware of the security implications the usage of a
determinable file in /tmp has?  Under certain racing conditions an
attacker might tweak code into /tmp/dummy.utf8.  You rather should
use `mktemp` instead of this.
 
Kind regards

       Andreas. 

-- 
http://fam-tille.de
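
The `mktemp` approach suggested in the reply above, as an added example that is not part of the original message or of the package's script. The function name `iconv_inplace`, the temporary-file prefix and the optional encoding arguments are assumptions; the default source encoding is the ISO-IR-197 used in the patch.

```shell
#!/bin/sh
# Added example: re-encode a file in place without a predictable /tmp name.
# Usage: iconv_inplace FILE [FROM] [TO]   (FROM defaults to ISO-IR-197)
# The ( ... ) body runs in a subshell, so the variables stay local.
iconv_inplace() (
    in=$1
    from=${2:-ISO-IR-197}
    to=${3:-UTF-8}

    [ -f "$in" ] || { echo "not a regular file: $in" >&2; return 2; }

    # mktemp creates the file exclusively, mode 0600, with a random suffix,
    # so nobody can pre-create or symlink the name. Putting it next to the
    # target keeps the final mv a rename on the same filesystem.
    dir=$(dirname -- "$in")
    tmp=$(mktemp "$dir/.iconv-inplace.XXXXXX") || return 1

    # Copy the original's mode onto the temp file so the replacement does
    # not silently become 0600; the redirect below keeps that mode.
    cp -p -- "$in" "$tmp" || { rm -f -- "$tmp"; return 1; }

    # Read via stdin so a file name starting with '-' is never parsed as an
    # option, and replace the original only if the conversion succeeded.
    if iconv -f "$from" -t "$to" < "$in" > "$tmp"; then
        mv -f -- "$tmp" "$in"
    else
        rm -f -- "$tmp"
        return 1
    fi
)

# Behave like the original script when called with a file argument.
if [ "$#" -gt 0 ]; then
    iconv_inplace "$@"
fi
```

A failed conversion leaves the original file untouched and removes the temporary file.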


