Re: temp files for security/logcheck

From: Kris Kennaway (kris@obsecurity.org)
Date: 03/11/01


Date: Sat, 10 Mar 2001 22:53:46 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Dan Langille <dan@langille.org>


On Sun, Mar 11, 2001 at 05:47:58PM +1300, Dan Langille wrote:
> AFAIK, the files disappear each time the script is run:
>
> umask 077
> rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$

[...]

Blah, that's an insecure way to create files in $TMPDIR (which is
usually /tmp). It needs to use mktemp(1).

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message