On Sat, Apr 16, 2005 at 08:33:25PM -0400, Dave Jones wrote:
> On Sat, Apr 16, 2005 at 05:02:21PM -0700, Paul Jackson wrote:
>  > > And racy. And not guaranteed to come up with fresh new files.
>  > 
>  > In theory perhaps.  In practice no.
>  > 
>  > Even mktemp(1) can collide, in theory, since there is no practical way
>  > in shell scripts to hold open and locked the file from the instant of it
>  > is determined to be a unique name.
> Using the pid as a 'random' number is a bad idea. all an attacker
> has to do is create 65535 symlinks in /usr/tmp, and he can now
> overwrite any file you own.
> mktemp is being used here to provide randomness in the filename,
> not just a uniqueness.

How about putting using .git/tmp.$$ or similar as tempfile?

This should satisfy both the portability and security requirements,
since the warnings against using $$ only apply to public directories.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to