On Sat, Apr 16, 2005 at 08:33:25PM -0400, Dave Jones wrote: > On Sat, Apr 16, 2005 at 05:02:21PM -0700, Paul Jackson wrote: > > > And racy. And not guaranteed to come up with fresh new files. > > > > In theory perhaps. In practice no. > > > > Even mktemp(1) can collide, in theory, since there is no practical way > > in shell scripts to hold open and locked the file from the instant of it > > is determined to be a unique name. > > Using the pid as a 'random' number is a bad idea. all an attacker > has to do is create 65535 symlinks in /usr/tmp, and he can now > overwrite any file you own. > > mktemp is being used here to provide randomness in the filename, > not just a uniqueness.
How about putting using .git/tmp.$$ or similar as tempfile? This should satisfy both the portability and security requirements, since the warnings against using $$ only apply to public directories. Regards, Erik - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html