Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-06 Thread Richard Kettlewell
Jakob Lell <[EMAIL PROTECTED]> writes:
> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. This makes the whole
> script fail if one command fails or

Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-05 Thread Andrew Suffield
On Fri, Sep 05, 2003 at 12:23:13PM +0200, Santiago Vila wrote:
> I believe supporting upgrades which skip one release (for example,
> from oldstable to testing) should be a must, but unfortunately this is
> not written anywhere.
Not to mention that it hasn't really worked for several releases now.

Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-05 Thread Santiago Vila
On Fri, 5 Sep 2003, Andreas Metzler wrote:
> Another question: tempfile(1) says:
> | Debian packages using tempfile in maintainer scripts must depend on
> | debianutils >= 1.6.
>
> tempfile 1.6 was released April 1997, i.e. it was probably included in
> Bo, or it for sure in Hamm. Shouldn't this s

Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-05 Thread Andreas Metzler
Santiago Vila <[EMAIL PROTECTED]> wrote:
> Jakob Lell wrote:
>> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
>> insecure tempfile vulnerabilities. One commonly used fix for this problem
>> is to use set -e or/and set -C in the shell script. [...]
> Debian already has a gene

Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-04 Thread Keegan Quinn
On Fri, Sep 05, 2003 at 12:50:01AM +0200, Santiago Vila wrote:
> Jakob Lell wrote:
> > [...]
> > Is it a good idea to report bugs against all packages containing this
> > local DOS vulnerability?
>
> Yes, but please follow our common guidelines for reporting bugs.
> If you plan to submit many of t

Re: many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-04 Thread Santiago Vila
Jakob Lell wrote:
> many shell scripts use tempfiles like /tmp/tempfile.$$. This creates
> insecure tempfile vulnerabilities. One commonly used fix for this problem
> is to use set -e or/and set -C in the shell script. [...]
Debian already has a general fix for that. It's called tempfile and it's

many scripts fail if /tmp/tempfile.$$ exists -> local DOS vulnerability

2003-09-04 Thread Jakob Lell
Hello, many shell scripts use tempfiles like /tmp/tempfile.$$. This creates insecure tempfile vulnerabilities. One commonly used fix for this problem is to use set -e or/and set -C in the shell script. This makes the whole script fail if one command fails or pipes anything to an existing file (e.g.