Hi Peter, 2009/11/3 Peter Van Eynde <pvane...@debian.org>: > Hello Raphael, > > I don't know what went wrong there, but you're right it is still there, > however in the code you can read: > >> # Use a simple mkdir command. It is guaranteed to fail if the directory >> # already exists. $RANDOM is bash specific and expands to empty in >> shells >> # other than bash, ksh and zsh. Its use does not increase security; >> # rather, it minimizes the probability of failure in a very cluttered >> /tmp >> # directory. >> tmp=$TMPDIR/gt$$-$RANDOM >> (umask 077 && mkdir "$tmp") > > so the bashism is expected to degrade peacefully for non-bash scripts. > > I suppose that we can accept this behavior? >
Well, there are two issues here: one is the bashism and the other is a possible security issue (which is indeed mitigated by using mkdir; but only works if set -e). Why don't you just use mktemp(1)? it addresses both issues. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
