tags 496403 confirmed security
thanks

Hi,
I believe there are two occurrences in faxspool.in. The first uses faxq-helper
to get a filename, but that filename doesn't seem secure. The second just
directly writes to a file only having a pid as random element. Perhaps its own
spool directory would be more appropriate than working in /tmp?
Thijs
====
#
# get unique directory name, using faxq-helper
#
new_seq=`$FAXQ_HELPER new`
if [ -z "$new_seq" ] ; then
    $echo "can't create new job directory, give up" >&2 ; exit 6
fi
#
# mkdir a directory in $TMP (or /tmp), convert input to G3 in there
#
spooldir=${TMP:-/tmp}/$new_seq.$$.`date +%S`
if ( umask 077 ; mkdir $spooldir ) ; then
    $echo "spooling to $spooldir (->$new_seq)..."
else
    $echo "ERROR: can't create work dir '$spooldir', giving up" >&2 ; exit 6
fi
====
====
#
# if filename is "-", use stdin
#
if [ x$file = x- ]
then
    $echo "spooling $file (stdin)..."
    trap "rm /tmp/faxsp.$$" 0
    cat - >/tmp/faxsp.$$
    file=/tmp/faxsp.$$
else
    $echo "spooling $file..."
fi
====
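
For comparison with the two excerpts above, a hardened sketch of the same two steps. This is an added example, not code from the report or from mgetty; the function names are hypothetical, $TMP is taken from the excerpt, and mktemp(1) is assumed to be installed.

```shell
#!/bin/sh
# Added example: hardened counterparts of the two faxspool.in fragments.
# Function names are hypothetical; the job id argument stands in for $new_seq.

# Work directory: mktemp -d appends an unpredictable suffix and creates the
# directory atomically with mode 0700. It fails instead of reusing a name
# that already exists, unlike a name built from job id, pid and seconds.
make_workdir() {
    mktemp -d "${TMP:-/tmp}/faxspool.$1.XXXXXXXXXX"
}

# stdin spooling: the file lives inside the private directory and is created
# by mktemp, so no fixed /tmp/faxsp.$$ path is ever opened with ">".
# Prints the path of the spooled file on success.
spool_stdin() {
    out=$(mktemp "$1/stdin.XXXXXXXXXX") || return 1
    cat - >"$out" || { rm -f "$out"; return 1; }
    printf '%s\n' "$out"
}

# Fallback where mktemp is not available: with noclobber (set -C) the shell
# refuses to write through ">" to a path that already exists, so a file
# pre-created by someone else makes this fail instead of being overwritten.
create_exclusive() {
    ( umask 077; set -C; : >"$1" ) 2>/dev/null
}

# Typical use inside a script (cleanup on exit removes the whole directory):
#   workdir=$(make_workdir "$new_seq") || exit 6
#   trap 'rm -rf "$workdir"' 0
#   file=$(spool_stdin "$workdir") || exit 6
```
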

