On 23Jun2019 12:36, vincent lefevre <vinc...@vinc17.org> wrote:
On 2019-06-23 14:44:36 +1000, Cameron Simpson wrote:
Were it a simple filename it would all be easy. Maybe a chdir(tmpdir)
before running the shell command with a simple filename?
I'm not sure whether this is a good idea. The temporary directory
may be (and often is) world-writable, and on multi-user machines,
this increases the risk of vulnerability. For instance, some
programs may consider configuration files in the current working
directory, and/or may write/re-read files there.
Ugh. Yes. Have we got some real world examples in mind? VCS programmes
are the glaring ones to my mind.
Cheers,
Cameron Simpson <c...@cskk.id.au>
