Bug 116443 - Insecure tmpfile creation
Summary: Insecure tmpfile creation
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: htdig
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks: FC2Target
TreeView+ depends on / blocked
 
Reported: 2004-02-21 02:50 UTC by Enrico Scholz
Modified: 2015-03-05 01:13 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-02-26 15:01:41 UTC
Embargoed:

Attachments (Terms of Use)

Description Enrico Scholz 2004-02-21 02:50:25 UTC 
Description of problem:

| $ cat /usr/bin/HtFileType
| ...
| tmpfile=/tmp/`basename $0`.$$


Version-Release number of selected component (if applicable):

htdig-3.2.0b5-4
Comment 1 Enrico Scholz 2004-02-21 02:55:40 UTC 
Upstream report at

https://sourceforge.net/tracker/index.php?func=detail&aid=901555&group_id=4593&atid=104593
Comment 2 Phil Knirsch 2004-02-23 16:29:59 UTC 
Urgs. OK. Fix should be easy using mktemp. Should be fixed in next
release, too.

Read ya, Phil
Comment 3 Phil Knirsch 2004-02-26 15:01:41 UTC 
Fixed in htdig-3.2.0b5-6 and later.

Read ya, Phil
Note You need to log in before you can comment on or make changes to this bug.