* Barak A. Pearlmutter <ba...@pearlmutter.net>, 2015-08-02, 07:56:
So what's needed is something that works if mktemp does not exist, and
is secure if mktemp does exist. Patch welcome!
In shell, you can set the -C (noclobber) option to create files
atomically. So something like this should work:
djvutext=$(mktemp /tmp/djXXXXXXXXXX.ps || ( set -C && umask 077 && :> /tmp/dj$$.ps
&& echo /tmp/dj$$.ps ) )
(On systems that lack mktemp, the names are still predictable, making
DoS attacks feasible. But meh, these systems should be upgraded to
Debian anyway. :-P)
--
Jakub Wilk
