projects / oweals / cde.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6c42732)
SECURITY fix for dtappintegrate: Use mktemp(1) to generate a template.
authorPascal Stumpf <Pascal.Stumpf@cubes.de>
Mon, 22 Jul 2013 22:59:23 +0000 (00:59 +0200)
committerJon Trulson <jon@radscan.com>
Mon, 22 Jul 2013 23:26:19 +0000 (17:26 -0600)
Using a fixed filename in /tmp is just begging for a symlink attack ...

cde/programs/dtappintegrate/dtappintegrate.src patch | blob | history

diff --git a/cde/programs/dtappintegrate/dtappintegrate.src b/cde/programs/dtappintegrate/dtappintegrate.src
index 6a4f8ab63f42f32359a0bd05a6576906be534995..3006a87d7687eca777c43c2e53b4b867e72d0044 100755 (executable)
--- a/cde/programs/dtappintegrate/dtappintegrate.src
+++ b/cde/programs/dtappintegrate/dtappintegrate.src
@@ -300,7 +300,7 @@ FRONTPANEL_FILES=*.fp
 APPMAN_FILES="(*)"
 
 ID=$(id)
-LOGFILE=/tmp/dtappint.log
+LOGFILE=$(mktemp /tmp/dtappint.logXXXXXXXXXXXXXXXX)
 PATH=CDE_INSTALLATION_TOP/bin:/usr/bin
 
 XCOMM -------------------------------------------------------------------
Unnamed repository; edit this file 'description' to name the repository.