Michael Gilbert wrote:

> If the attacker
> has control of /tmp and all can generate any file name permutation in
> time to get his malicious version in place of the intended one, then
> the real issue is that tmpfile's file name generation is weak, and the
> problem would need to be fixed there.

Not really.  If I set the TMPDIR environment variable to something
containing shell metacharacters, then tempfile(1) [note, the utility,
not the library function] will use it.  And the underescaping is still
present.  This has nothing to do with symlink attacks.
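
The distinction drawn in the reply above, as an added example that is not part of the original message or of any Debian package: a temporary-file path inherits whatever `TMPDIR` contains, so a caller that pastes the path into a shell command string is affected no matter how unpredictable the file name is. Assumptions: `mktemp(1)` stands in for `tempfile(1)`, and the function names, the directory name and the `INJECTED` marker are constructed for illustration.

```shell
#!/bin/sh
# Constructed demonstration: a temp-file path derived from $TMPDIR is only
# safe if it is never re-parsed as shell source text.

# Under-escaped: the path is interpolated into a command string.
count_unsafe() {
    sh -c "wc -c < $1"
}

# Fixed: the path is passed as a positional argument and quoted on use.
count_safe() {
    sh -c 'wc -c < "$1"' sh "$1"
}

# run_case unsafe|safe -> prints "injected" or "clean"
run_case() {
    base=$(mktemp -d) || return 2
    # Constructed TMPDIR value containing shell metacharacters.
    hostile="$base/a;touch INJECTED;b"
    mkdir "$hostile" || return 2
    # The generated name is random, but its directory part is $TMPDIR.
    f=$(TMPDIR="$hostile" mktemp) || return 2
    printf 'data' > "$f"
    # Run from $base so the harmless marker lands inside the sandbox.
    ( cd "$base" && "count_$1" "$f" ) >/dev/null 2>&1 || :
    if [ -e "$base/INJECTED" ]; then
        result=injected
    else
        result=clean
    fi
    rm -rf "$base"
    echo "$result"
}

echo "unsafe caller: $(run_case unsafe)"
echo "safe caller:   $(run_case safe)"
```

No symlink or file-name race is involved in either case; the only difference between the two callers is whether the path is treated as data or as shell text.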
