vail.sz...@sydney.edu.au schrieb:
I wrote a while ago:
I slightly wonder about the writing of the tmp file
open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
from within gs (no O_EXCL so would follow a symlink allowing clobber).
It is not for gs to verify the security of the tmp file passed as
argument (it cannot do that), but gv should pre-create the file in
a safe way.
I cannot find a problem there. GNU gv creates the file as follows:
(ps.c, psscan()): filename_dsc=file_getTmpFilename(NULL,filename_raw);
where getTmpFilename itself uses mkstemp to create the file (assuming
mkstemp is available on your system, which is the case on GNU/Linux).
Have verified that the permissions are 600 after getTmpfilename().
Greetungs from Germany
Markus Steinborn
GNU gv maintainer
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
