From: David Sommerseth <d...@users.sourceforge.net> In a Debian bug report [1] there were worries that the --client-connect script hook was prune to a "symlink" attack. Even though this can be recognised if --tmp-dir is set to a world writable directory, it is not considered standard practice to do so.
This patch-set replaces the previous suggested patch, with an enhancement suggested by Fabian Knittel. In addition create_temp_filename() is renamed to create_temp_file() to reflect the behvioural change in the function. kind regards, David Sommerseth [1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534908> *** BLURB HERE *** Fabian Knittel and David Sommerseth (1): Harden create_temp_filename() (version 2) David Sommerseth (2): Renamed all calls to create_temp_filename() Updated the man page to reflect the behavioural change of create_temp_file() init.c | 2 +- misc.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++-------------- misc.h | 4 ++-- multi.c | 19 ++++++++++++++----- openvpn.8 | 2 +- pf.c | 33 +++++++++++++++++---------------- ssl.c | 36 +++++++++++++++++++++--------------- 7 files changed, 102 insertions(+), 54 deletions(-)
