>>>>> "Russ" == Russ Allbery <[EMAIL PROTECTED]> writes:
Russ> Alexandre Oliva <[EMAIL PROTECTED]> writes:
>> Moreover, there's another problem: any user may simply touch
>> /tmp/conftest9012345 and cause autoconf to think long filenames are
>> not supported, unless the user sets TMPDIR to something other than
>> /tmp. No good.
Russ> If the goal is to avoid denial of service attacks such as this,
Russ> using $$ in the file name isn't sufficient either, as the PID is
Russ> predictable. At that point, you pretty much have to use
Russ> something that includes high-entropy randomness, which is beyond
Russ> the capabilities of most shell scripts.
Would doing something like
tmp=/tmp/ac.${RANDOM-$$}
be good? The intend is to use the randomness some shell support, but
is it possible to imagine that the script is run by a nasty guy who
precisely set a well known value to RANDOM?
I suppose we don't care, since that would mean she already has pretty
much the machine under control :)
So would this improve the situation?
Akim
