> With adding the Process ID to the temporary multistrap configuration file > makes it unique. This allows multiple invocations on the same time. > For multi user system as Linux is, is this important. > > Also is the temp file deleted after usage.
While it is better than the original, it still allows for attacks - using a predictable filename in /tmp is always a security issue, and even the PID does make it imune to attacks (google for "tmp symlink attack" for details). Please consider using tempfile(1) for safely getting a temporary file. Best regards, -- Yann -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
