Michael Gilbert wrote: > Ok, I see now. Then the root cause is that tempfile will "listen to" > the TMPDIR setting. So, to fix that core problem, shouldn't we disable > it? Note functionality shouldn't be lost since there is still the > "--directory" option; although some scripts may need to be fixed.
No, we should not assume that TMPDIR is set by a malicious agent; that is possible but it is also possible that TMPDIR is set by a friendly agent whose goal is to increase the security of the system by putting temporary files in a secure place inacessible to other, malicious users. The correct thing to do is to respect the setting of TMPDIR precisely. If the value of TMPDIR contains any special characters, xpdf should put any temporary files in that directory, whose name contains the same special characters. That is what is achieved by Jonathan Nieder's fix trap "rm -f -- \"\$tmp\"" EXIT HUP INT QUIT TERM -- Edit this signature at http://www.digitas.harvard.edu/cgi-bin/ken/sig I'll let a train be my feet if it's too far to walk to you Train don't go there, I'll get a jet or a bus, I'm gonna find you You're mine and I know that I'll find you And my head is my only house unless it rains
signature.asc
Description: Digital signature
