[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#278283: insecure temporary file usage in gettextize and autopoin
From: |
Paul Jarc |
Subject: |
Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd) |
Date: |
Tue, 26 Oct 2004 11:00:03 -0400 |
User-agent: |
Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux) |
Bruno Haible <address@hidden> wrote:
> Not bad, but still not perfect: mktemp is not a POSIX standardized
> utility, and $RANDOM is bash specific.
What sort of threat are you trying to defend against? Even if mktemp
is not available, and even if $RANDOM is empty, mkdir will still
either create a new directory or correctly fail. It won't let you use
an existing directory (or symlink to a directory).
paul