Hi,

Dmitry E. Oboukhov wrote:
> For example if a script uses in its work a temp file which is created
> in /tmp directory, then every user can create symlink with the same
> name in this directory in order to destroy or rewrite some system
> or user file. Symlink attack may also lead not only to the data
> destruction but to denial of service as well.
>
> Even if you create files or directories with help of function 'RANDOM'
> or pid(), then your system is not protected. Attacker can create many
> symlinks in order to destroy your data or create 'denial of service'
> for your package scripts.
[...]
> Binary-package: openoffice.org-common (1:2.4.1-6)
>     file: /usr/lib/openoffice/program/senddoc

I guess you mean this snippet in the mutt handling part of senddoc?

[...]
                --body)
                    TEMPLATE="`basename $0`.mutt.XXXXXXXX"
                    BODY=`mktemp -q -t ${TEMPLATE}`
                    echo "$2" > $BODY
                    shift
[...]
        x-terminal-emulator -e ${MAILER} \
            ${FROM:+-e} ${FROM:+"set from=\"${FROM}\""} \
            ${CC:+-c} ${CC:+"${CC}"} \
            ${BCC:+-b} ${BCC:+"${BCC}"} \
            ${SUBJECT:+-s} ${SUBJECT:+"${SUBJECT}"} \
            ${BODY:+-i} ${BODY:+"${BODY}"} \
            ${ATTACH:+-a} ${ATTACH:+"${ATTACH}"} \
            ${TO:+"${TO}"} &
        rm -f $BODY
[...]

I so far thought mktemp was safe enough? (of course, we get
senddoc.mutt.<number>, but...

Regards,

Rene
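
Added example (not part of the original message, and not code from senddoc): the two cases discussed above, a temp file with a predictable PID-based name and one created by mktemp, compared inside a private sandbox directory. The function names, the sandbox layout and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; everything runs inside a private sandbox directory.

# Predictable name built from the PID: '>' follows whatever already sits there.
write_body_predictable() {            # $1 = directory, $2 = body text
    f="$1/senddoc.mutt.$$"
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# mktemp creates the file itself (O_CREAT|O_EXCL, mode 0600), so it never
# opens an existing file or symlink; its exit status is checked before use.
write_body_mktemp() {                 # $1 = directory, $2 = body text
    f=$(mktemp "$1/senddoc.mutt.XXXXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    victim="$sandbox/victim"          # constructed stand-in for a user's file
    echo "important" > "$victim"
    # Constructed precondition: a symlink already occupies the predictable name.
    ln -s "$victim" "$sandbox/tmp/senddoc.mutt.$$"

    write_body_predictable "$sandbox/tmp" "mail body" > /dev/null
    after_predictable=$(cat "$victim")

    echo "important" > "$victim"      # reset, then repeat with mktemp
    body=$(write_body_mktemp "$sandbox/tmp" "mail body") || return 1
    after_mktemp=$(cat "$victim")
    mode=$(ls -l "$body" | cut -c1-10)

    rm -rf "$sandbox"
    echo "predictable=$after_predictable mktemp=$after_mktemp mode=$mode"
}

demo
```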