Hello Moritz, On Wed, Dec 12, 2012 at 07:02:08PM +0100, Moritz Mühlenhoff wrote: > On Wed, Dec 12, 2012 at 05:52:31PM +0000, adrelanos wrote: > > I do not want to discuss security implications of the upstream closed > > source Adobe Flash plugin. This is about how the Flash plugin is > > downloaded and installed in Debian. > > > > /usr/sbin/update-flashplugin-nonfree downloads get-upstream-version.pl > > http://people.debian.org/~bartm/flashplugin-nonfree/get-upstream-version.pl.gz.pgp > > stores it in /tmp/xxx, runs it and deletes /tmp/xxx. > > It should at least use a non-predictable tempfile (using tempfile(1) ) > > Please file bug for that.
I already use "mktemp -d /tmp/flashplugin-nonfree.XXXXXXXXXX". Isn't that secure ? What is the problem you are suggesting to file a bug for ? Regards, Bart Martens -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
