found 507482 2.9.26
thanks

2008/12/2 Adam D. Barratt <[EMAIL PROTECTED]>:
> Hi,
>
> On Mon, 2008-12-01 at 19:38 -0600, Raphael Geissert wrote:
>> Grepping the source code reveals other insecure usages of temp files:
> [...]
>> ./scripts/cvs-debrelease.sh:TEMPDIR=/tmp/$$
> [...]
>> ./scripts/cvs-debi.sh:TEMPDIR=/tmp/$$

Also present in etch, marking this bug as such.

>
> Indeed; that was one of the first things I did after reading the report.
> You missed one, however...

Somehow I did :-/

>
>> Btw, is there any reason why scripts/libvfork.c even exists?
>
> strace used to have problems following vfork()s correctly - see
> http://lists.debian.org/debian-mentors/2000/07/msg00089.html
> (dpkg-genbuilddeps was largely replaced by dpkg-depcheck, as far as I
> can tell from the changelog).

Oh, I didn't make the connection between libvfork and dpkg-depcheck (I only
grepped for an include of the .c file, never for a .so).

>
> Not entirely sure what that has to do with this bug report though. :-)

flawfinder, rats, and friends complain about vfork(), and since I didn't find
any reference to the file I thought it was useless and decided to ask :).

>
> Regards,
>
> Adam
>

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Shelley Winters - "Whenever you want to marry someone, go have lunch with his ex-wife."
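As an added example (not part of the original message and not devscripts code): the `TEMPDIR=/tmp/$$` assignments quoted above name the directory after the shell's PID, which another local user can predict and pre-create. The sketch below flags that pattern in shell scripts and shows `mktemp -d` as the replacement; the function names `find_pid_tmp` and `make_tempdir` and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample input are hypothetical.

# Print "file:line:text" for every line that builds a path under /tmp or
# /var/tmp from the shell PID ($$), e.g. TEMPDIR=/tmp/$$ .
# The extra /dev/null argument forces grep to prefix the file name.
find_pid_tmp() {
    grep -nE '(/tmp|/var/tmp)/[^[:space:]]*\$\$' "$@" /dev/null
}

# Create a private scratch directory and print its path.
# mktemp -d chooses an unpredictable name and creates the directory
# atomically with mode 0700; it fails instead of reusing an existing path.
make_tempdir() {
    mktemp -d "${TMPDIR:-/tmp}/${1:-scratch}.XXXXXXXXXX"
}

# Constructed sample script: one PID-based path, one mktemp-based path.
workdir=$(make_tempdir demo) || exit 1
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/sample.sh" <<'EOF'
#!/bin/sh
TEMPDIR=/tmp/$$
SAFE=$(mktemp -d)
EOF

# Reports only the TEMPDIR=/tmp/$$ line of the sample.
find_pid_tmp "$workdir/sample.sh"
```
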