Hi,

On Mon, 2008-12-01 at 19:38 -0600, Raphael Geissert wrote:
> Grepping the source code reveals other insecure usages of temp files:
[...]
> ./scripts/cvs-debrelease.sh:TEMPDIR=/tmp/$$
[...]
> ./scripts/cvs-debi.sh:TEMPDIR=/tmp/$$

Indeed; that was one of the first things I did after reading the report. You missed one, however...

> Btw, is there any reason why scripts/libvfork.c even exists?

strace used to have problems following vfork()s correctly - see
http://lists.debian.org/debian-mentors/2000/07/msg00089.html (dpkg-genbuilddeps was largely replaced by dpkg-depcheck, as far as I can tell from the changelog).

Not entirely sure what that has to do with this bug report though. :-)

Regards,

Adam
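
Added example, not part of the original message or of the package's code: a shell audit for the PID-based `/tmp/$$` pattern quoted above, next to `mktemp -d` as the replacement. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed); not code from the package under discussion.

# Audit: print file:line:text for every line that builds a path under /tmp
# from the shell PID ($$), e.g. TEMPDIR=/tmp/$$. PIDs are guessable, so
# another local user can create that path before the script does.
find_pid_tmp_paths() {
    grep -HnE '/tmp/[^[:space:]]*\$\$' "$@"
}

# Hardened replacement: mktemp -d picks an unpredictable name and creates the
# directory atomically with mode 0700, failing instead of reusing a path.
make_private_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/audit-example.XXXXXXXXXX"
}

# Run the audit over a constructed sample script and print the hit count.
audit_sample() {
    dir=$(make_private_tmpdir) || return 1
    cat > "$dir/sample.sh" <<'EOF'
#!/bin/sh
TEMPDIR=/tmp/$$
LOG=/tmp/build.$$.log
SAFE=$(mktemp -d)
EOF
    hits=$(find_pid_tmp_paths "$dir/sample.sh" | wc -l)
    rm -rf "$dir"
    echo $((hits))
}
```

`audit_sample` reports two hits for the sample: the `mktemp -d` line is not flagged, while both PID-derived paths are.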