[DebianGIS-dev] Bug#508595: CVE-2008-5380: allows local users to overwrite arbitrary files via a symlink attack
Hamish
hamish_b at yahoo.com
Tue Dec 16 16:08:45 UTC 2008
geo-code, geo-nearest, and gpssmswatch scripts updated in upstream SVN to
use a method similar to:

    TMP=`tempfile -p geo.`
    if [ $? -ne 0 ] || [ -z "$TMP" ] ; then
        echo "ERROR: Unable to create temporary files" 1>&2
        exit 1
    fi

so calling this "fixed-upstream" and hoping that tempfile is somewhat
portable beyond Debian.

another idea for geo-code and geo-nearest would be to plop all the tmp
files in a single tmp dir:

    tmp="/tmp/geo-code.$$"
    (umask 077 && mkdir "$tmp") || {
        echo "Cannot create temporary directory! Exiting." 1>&2
        exit 1
    }

Hamish
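
Added example (not part of the original message or the upstream SVN scripts): the single-directory idea above as a function that prefers mktemp -d, found on both GNU and BSD systems, and falls back to the umask 077 + mkdir form, plus a constructed check that mkdir refuses a symlink planted at the predictable name. The names make_tmpdir and mkdir_refuses_symlink are hypothetical.

```shell
#!/bin/sh
# Added example: private scratch directory for a script such as geo-code.
# make_tmpdir and mkdir_refuses_symlink are illustrative names.

# Create a private directory under $1 (default ${TMPDIR:-/tmp}) and print
# its path. mktemp -d picks a random name; the fallback uses a predictable
# name, which is still safe because mkdir fails when the path already
# exists (even as a symlink) instead of following it.
make_tmpdir() {
    base=${1:-${TMPDIR:-/tmp}}
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$base/geo-code.XXXXXX" && return 0
    fi
    dir="$base/geo-code.$$"
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Constructed check: plant a symlink at the predictable fallback path
# inside directory $1 and confirm that mkdir refuses it.
mkdir_refuses_symlink() {
    sandbox=$1
    victim="$sandbox/victim"
    mkdir "$victim"
    ln -s "$victim" "$sandbox/geo-code.$$"
    if (umask 077 && mkdir "$sandbox/geo-code.$$") 2>/dev/null; then
        return 1    # the planted name was accepted
    fi
    return 0
}

tmp=$(make_tmpdir) || {
    echo "ERROR: Unable to create temporary directory" 1>&2
    exit 1
}
trap 'rm -rf "$tmp"' EXIT       # clean up on normal exit
trap 'exit 1' HUP INT TERM      # route signals through the EXIT trap

: > "$tmp/coords"               # work files live inside the private dir
```

The failure in the symlink case is a refusal to start, so a script using the fallback name should report the error and exit rather than retry with another predictable path.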