Package: debian-goodies
Version: 0.87
Tags: security

dman does this:

   mandir=`mktemp --tmpdir="${TMPDIR:-/tmp}" -d dman.XXXXXX`
   trap "rm -rf $mandir" EXIT HUP INT QUIT TERM

When a signal arrives, it removes $mandir, and then... it doesn't exit, but continues whatever it was doing. This gives the local attacker an opportunity to create their own malicious $mandir.

See #911720 and #911969 for similar bugs in devscripts.

--
Jakub Wilk
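
An added example, not part of the original report and not dman's code: the reported trap pattern next to a hardened variant that keeps cleanup in an EXIT trap and makes each signal trap exit. The function names, the demo.XXXXXX template and the self-sent TERM are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo. Each variant runs in its own child shell, which
# sends itself SIGTERM to stand in for a signal arriving mid-run.

# Pattern from the report: one handler shared by EXIT and the signals,
# with no exit in it. After the handler runs, the script carries on.
run_unsafe() {
    sh -c '
        d=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXX") || exit 1
        trap "rm -rf $d" EXIT HUP INT QUIT TERM
        kill -TERM $$
        # Still running here, but the directory is gone.
        [ -d "$d" ] || echo "continued-without-dir"
    '
}

# Hardened variant: cleanup lives only in the EXIT trap, and every
# signal trap calls exit (128 + signal number), which in turn fires
# the EXIT trap. Nothing after the signal is executed.
run_safe() {
    sh -c '
        d=$(mktemp -d "${TMPDIR:-/tmp}/demo.XXXXXX") || exit 1
        cleanup() { rm -rf "$d"; }
        trap cleanup EXIT
        trap "exit 129" HUP
        trap "exit 130" INT
        trap "exit 131" QUIT
        trap "exit 143" TERM
        kill -TERM $$
        echo "continued"    # never reached
    '
}

printf 'unsafe variant printed: %s\n' "$(run_unsafe)"
run_safe || echo "hardened variant stopped with status $?"
```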
