Is this a safe way to use /tmp? Or is it vulnerable to the local symlink attack where another user on the system predicts the filename I am going to create, and makes a symlink using that name and does nasty things?
TIME=$(/bin/date "+%s") FILE="/tmp/clamscan.$TIME.$PPID.orig" DIR="/tmp/clamscan.$TIME.$PPID" /bin/touch $FILE /bin/chmod 600 $FILE /bin/mkdir $DIR /bin/chmod 700 $DIR I'm writing a shell script that wraps clamscan for use with maildrop. It's a modification of the one that Tom Walsh posted on Aug 20. His script doesn't address local security concerns since no one has shell accounts on his system, but that's not the case on mine, so I'm trying to fix that. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
