Red Hat Bugzilla – Bug 169585
CAN-2005-3011 texindex insecure temporary file usage
Last modified: 2007-11-30 17:11:14 EST
+++ This bug was initially created as a clone of Bug #169583 +++
The texindex command uses predictable temporary filenames. This could allow a
rogue local user to create a symlink which would cause texindex to overwrite
various files the user running texindex has write access to.
There is more informatin in the Debian bug:
No patch exists yet.
This issue seems to be mitigated by the fact that texindex will only use a
temporary file when the file being processed is over 50,000 lines.
This issue should also affect FC3
From User-Agent: XML-RPC
texinfo-4.8-4.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.