Hi,
On Mon, 2008-12-01 at 18:51 +0100, Loïc Minier wrote:
> I don't know how exploitable tmp dirs with debsign's files are,
> probably not much, but this could be avoided:
Probably not much indeed, but point taken.
> Please don't use $$, also I think it'd be best to setup the clean hook
> before creating the dir.
>
> Something like:
>
> tmp_dir=""
> cleanup() {
> if [ -n "$tmp_dir" ]; then
> rm -rf "$tmp_dir"
> fi
> }
plus the $PRECIOUS_FILES files dance in case we've partially signed a
set of files which we copied from a remote host.
In combination with your other report, I'm tempted to go for creating a
couple of temporary directories as needed (one for signing in, one for
remote files) and cleaning both up on exit.
Thanks for the reports,
Adam
--
To unsubscribe, send mail to [EMAIL PROTECTED]
