Hello, many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. This makes the whole script fail if one command fails or pipes anything to an existing file (e.g. if the tempfile already exists). So this can often solve a insecure tempfile creation. However, the script then fails if the file /tmp/tempfile.$$ exists. As any user can create this files with wrong PIDs and thus prevent other users from using the vulnerable program, this is a local DOS vulnerability. The same problem occurs if the script uses something like "mkdir tmp$$ && cd tmp$$ || exit" (from /usr/bin/allec, package tetex-bin 1.0.7+20011202-7.1) to exit if the file/directory exists. For this reason it is IMO always a bad idea to use tempfiles or directories like /tmp/tempfile.$$. You can use mktemp to get a tempfile or mktemp -d to get a temporary directory securely.
Is it a good idea to report bugs against all packages containing this local DOS vulnerability? Should this be reported to the security team?
