Jakob Lell <[EMAIL PROTECTED]> writes:
> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. This makes the whole
> script fail if one command fails or pipes anything to an existing file
> (e.g. if the tempfile already exists).

'set -C' only detects already-existing regular files, it does not
prevent you writing your important data to (say) a named pipe with the
right name.

-- 
http://www.greenend.org.uk/rjk/


Reply via email to