Source: pacemaker Version: 1.0.11-1.2 Severity: important Tags: security
The configure script creates temporary files in an insecure way: | extract_header_define() { | AC_MSG_CHECKING(for $2 in $1) | Cfile=/tmp/extract_define.$2.${$} | printf "#include <stdio.h>\n" > ${Cfile}.c | printf "#include <%s>\n" $1 >> ${Cfile}.c | printf "int main(int argc, char **argv) { printf(\"%%s\", %s); return 0; }\n" $2 >> ${Cfile}.c | $CC $CFLAGS ${Cfile}.c -o ${Cfile} | value=`${Cfile}` | AC_MSG_RESULT($value) | printf $value | rm -f ${Cfile}.c ${Cfile} | } -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org