Bruce Momjian writes:
> > To securely create a temp file in shell you need to use mktemp(1), or do
> > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > Needless to say, it's tricky.
>
> Wow, that symlink is a bad one. I don't see mktemp(1) on bsd/os, only
> mktemp(3). I do see it on FreeBSD.
>
> Good thing I don't have other shell users on my system. I do cat
> >/tmp/$$ all the time in scripts.
I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
well. I'll try to fix them.
--
Peter Eisentraut peter_e@gmx.net http://funkturm.homeip.net/~peter