Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-18 Thread David Aguilar
On Mon, Jun 16, 2014 at 11:17:46AM -0700, Junio C Hamano wrote:
> David Aguilar writes:
>
> > Hmm.. I guess what I could do is keep the old behavior (having gitk ignore
> > TMPDIR)
> > on Windows and only use the new code path on non-Windows.
>
> Or perhaps attempt to create, catch error and th

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-16 Thread Junio C Hamano
David Aguilar writes:

> Hmm.. I guess what I could do is keep the old behavior (having gitk ignore
> TMPDIR)
> on Windows and only use the new code path on non-Windows.

Or perhaps attempt to create, catch error and then retry the old way? Hopefully Windows folks do not have to worry about forg

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-16 Thread Thomas Braun
On 15.06.2014 09:51, Pat Thoyts wrote:
> David Aguilar writes:
>
>> gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
>> a temporary directory.
>>
>> Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
>> seeding /tmp with files matching the pid pattern.
>>
>> Signed-

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-15 Thread brian m. carlson
On Sun, Jun 15, 2014 at 02:49:29PM -0700, David Aguilar wrote:
> I don't think this requires a CVE since it's basically plugging a hole
> that my previous patch introduced by making gitk honor the TMPDIR
> variable; it hasn't strictly been in any release yet.

Yeah, that's not needed, then. I didn

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-15 Thread David Aguilar
On Sun, Jun 15, 2014 at 04:32:27PM +, brian m. carlson wrote: > On Sun, Jun 15, 2014 at 08:51:23AM +0100, Pat Thoyts wrote: > > David Aguilar writes: > > >--- a/gitk > > >+++ b/gitk > > >@@ -3502,7 +3502,8 @@ proc gitknewtmpdir {} { > > > } else { > > > set tmpdir $gitdir > > > } > >

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-15 Thread brian m. carlson
On Sun, Jun 15, 2014 at 08:51:23AM +0100, Pat Thoyts wrote: > David Aguilar writes: > >--- a/gitk > >+++ b/gitk > >@@ -3502,7 +3502,8 @@ proc gitknewtmpdir {} { > > } else { > > set tmpdir $gitdir > > } > >-set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]] > >+
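
Review bot: the `+` line that replaces `set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]]` in gitknewtmpdir is cut off in this quote, and going by the commit message it depends on an external `mktemp -d`; the call should be guarded so that a missing or failing mktemp (the Windows case raised in this thread) is handled explicitly, and any fallback should not go back to the pid-based name inside a TMPDIR that other users can write to.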

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-15 Thread Pat Thoyts
David Aguilar writes:
>gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
>a temporary directory.
>
>Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
>seeding /tmp with files matching the pid pattern.
>
>Signed-off-by: David Aguilar
>---
>This issue was brought up du

Re: [PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-14 Thread Paul Mackerras
On Fri, Jun 13, 2014 at 02:43:48PM -0700, David Aguilar wrote:
> gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
> a temporary directory.
>
> Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
> seeding /tmp with files matching the pid pattern.
>
> Signed-off-by: Dav

[PATCH] gitk: use mktemp -d to avoid predictable temporary directories

2014-06-13 Thread David Aguilar
gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
a temporary directory.

Use "mktemp -d .gitk-tmp.XX" to harden gitk against someone
seeding /tmp with files matching the pid pattern.

Signed-off-by: David Aguilar
---
This issue was brought up during the first review of the prev