Jonathan Nieder wrote:

> [1] The crux in bug #635849 is that if the user is allowed to
> influence TMPDIR or the template argument then the filename returned
> by tempfile and mktemp cannot be trusted not to contain shell
> metacharacters; but properly quoting all variables is already good
> policy in shell scripts anyway. A more general lesson might be that
> unnecessarily using double-quoted strings like
>
>     trap "rm -rf \"\$scratch_dir\"" INT EXIT
>
> in a shell script is dangerous and should be considered bad style,
> because it is too easy to forget to escape something. Better to use
> single quotes when appropriate:
>
>     trap 'rm -rf "$scratch_dir"' INT EXIT
OK, but I'm still not convinced that there's a case where an attacker has
control over TMPFILE and yet wouldn't be able to do other bad things anyway.
So what scenario are we actually trying to prevent here, or is this just an
academic concern?

Best wishes,
Mike
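As an added illustration of the quoting point in the quoted text (this is not code from the thread or from either poster): a trap action is a string that the shell re-parses into words when the trap fires. If the path is expanded at trap-definition time inside double quotes and the escaping is forgotten, a scratch directory whose name merely contains a space is never removed; the single-quoted form with inner double quotes removes it. The function names are hypothetical, the directory name "scratch dir" is a constructed sample, and each trap is installed in a child `sh -c` so the EXIT trap fires predictably and any stray word resolves inside the sandbox directory.

```shell
#!/bin/sh
# Added example, not code from the thread: compares the two trap quoting
# styles against a scratch directory path the script did not fully choose.
# Function names are hypothetical; only mktemp, mkdir, trap, rm and sh are used.

# make_scratch_dir creates a fresh base directory holding a subdirectory
# whose name contains a space (a constructed stand-in for an untrusted
# path). It prints the base directory path.
make_scratch_dir() {
    base=$(mktemp -d) || return 1
    mkdir "$base/scratch dir" || return 1
    printf '%s\n' "$base"
}

# remove_with_unquoted_trap installs the trap the careless way: $2 is
# expanded when the trap is *defined*, and the resulting string is re-parsed
# into words when the trap fires, so "scratch dir" splits into two words
# ("…/scratch" and "dir") and the directory survives. The child shell cd's
# into the base directory so the stray relative word resolves inside the
# sandbox. Returns 0 if the scratch directory was removed, 1 if it remains.
remove_with_unquoted_trap() {
    base=$1
    sh -c 'cd "$1" && trap "rm -rf $2" EXIT' sh "$base" "$base/scratch dir"
    [ ! -d "$base/scratch dir" ]
}

# remove_with_single_quoted_trap is the form recommended in the thread:
# the outer single quotes delay expansion until the trap fires, and the
# inner double quotes keep the path as a single word.
remove_with_single_quoted_trap() {
    base=$1
    sh -c 'cd "$1" && scratch_dir=$2 && trap '\''rm -rf "$scratch_dir"'\'' EXIT' \
        sh "$base" "$base/scratch dir"
    [ ! -d "$base/scratch dir" ]
}

# Demonstration when run directly: the careless trap leaves the directory
# in place; the recommended form removes it.
main() {
    base=$(make_scratch_dir) || return 1
    if remove_with_unquoted_trap "$base"; then
        echo "unquoted trap: removed (unexpected)"
    else
        echo "unquoted trap: \"scratch dir\" survived"
    fi
    if remove_with_single_quoted_trap "$base"; then
        echo "single-quoted trap: removed"
    fi
    rm -rf "$base"
}
main
```

The same mechanics apply to the double-quoted form in the quoted message: with the backslash escapes in place it is equivalent to the single-quoted one, which is exactly why the escapes are so easy to get wrong. Running the script prints one line per style; the difference is in whether "scratch dir" still exists afterwards.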

