Re: [COMMITTERS] pgsql/src/bin/initdb initdb.sh

Bruce Momjian writes:

> > To securely create a temp file in shell you need to use mktemp(1), or do
> > something like (umask 077 && mkdir $TMPDIR/$$) to create a subdirectory.
> > Needless to say, it's tricky.
>
> Wow, that symlink is a bad one.  I don't see mktemp(1) on bsd/os, only
> mktemp(3).  I do see it on FreeBSD.
>
> Good thing I don't have other shell users on my system.  I do cat
> >/tmp/$$ all the time in scripts.

I see we have temp file vulnerabilities in genbki.sh and Gen_fmgrtab.sh as
well.  I'll try to fix them.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter