On Tue, Oct 20, 2009 at 16:41:16 -0300, Luciano Bello wrote: > El Mar 20 Oct 2009, Julien Cristau escribió: > > this is completely broken, you're missing $() around the mktemp > > invocation, you're never using SOCKET_DIR_TMP, your mktemp call has > > only 2 X's, and you're not removing the existing $SOCKET_DIR. So, what > > exactly are you trying to fix? > > Sorry. > - mv $SOCKET_DIR $SOCKET_DIR.$$ > + $SOCKET_DIR_TMP=$(mktemp -d $SOCKET_DIR.XXXXX) > + mv $SOCKET_DIR/* $SOCKET_DIR_TMP/ > > and I badcopied the bug number (is #521107) > > The point is fix the Insecure Temporary File Creation Vulnerability. > It's still not clear to me what you think the above would fix.
Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
