http://bugs.grommit.com/show_bug.cgi?id=488
Summary: webrev should use a private directory for temporary
files
Product: SCM Migration
Version: unspecified
Platform: All
OS/Version: Solaris 11/Nevada
Status: NEW
Severity: minor
Priority: P4
Component: webrev
AssignedTo: scm-migration-dev at opensolaris.org
ReportedBy: nathan.bush at sun.com
webrev currently creates temporary files in the form "/tmp/$$.*"
and relies on a trap with "rm -f /tmp/$$.*" to remove them.
The use of the process ID to create temporary files is not
recommended as it is vulnerable to attack in various ways.
The recommended practice is to create a unique private
directory for temporary files. See mktemp(1).
The suggested fix is approximately:
1) At the point where the trap described above is currently set:
WEBREV_TMP=`mktemp -d -t webrev.XXXXXX`
if [[ -z "$WEBREV_TMP" ]]; then
print -u2 "Unable to create temporary directory"
exit 1
fi
2) Replace all filenames "/tmp/$$.foo" with "$WEBREV_TMP/foo".
3) Change the trap to use "rm -r $WEBREV_TMP".
--
Configure bugmail: http://bugs.grommit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
