Hi Sven,

* Sven Joachim <[EMAIL PROTECTED]> [2008-08-15 15:40]:
> > I raised the severity to critical as a lot of shell scripts
> > in Debian rely on this data being random.
>
> Why is that important? The purpose of mktemp is to return a unique
> filename and to actually create the file. Can you describe an attack
> based on the non-randomness of the filename?

I already lowered it again because of O_EXCL and 0600 mode.
It's still a vulnerability as mktemp has a -u switch which
unlinks the file after creation.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
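Added example, not part of the original mail or of mktemp's source: a C sketch of the distinction drawn above, comparing an O_EXCL/0600 create with the plain create a caller would do itself after receiving only a name (as with `-u`), when that name is already taken. The scratch directory, the file name `tmp.guessed` and the function names are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* exclusive=1: create atomically with O_EXCL and mode 0600, the properties
 * the mail credits mktemp with. exclusive=0: the plain create a caller does
 * itself when it was only handed a name (assumed here to be the same flags
 * a shell `>` redirection uses). Returns 0 or errno. */
static int create_temp(const char *path, int exclusive) {
    int flags = O_WRONLY | O_CREAT | (exclusive ? O_EXCL : O_TRUNC);
    int fd = open(path, flags, 0600);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Constructed scenario: the predicted name already exists and holds 5 bytes
 * written by someone else. Returns the result of the create attempt and
 * stores the size of the pre-existing file afterwards in *size_after. */
int name_taken_case(int exclusive, long *size_after) {
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char path[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/tmp.guessed", dir);
    FILE *f = fopen(path, "w");
    if (f == NULL) { rmdir(dir); return -1; }
    fputs("other", f);
    fclose(f);
    int rc = create_temp(path, exclusive);
    *size_after = (stat(path, &st) == 0) ? (long)st.st_size : -1;
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void) {
    long size = 0;
    int rc = name_taken_case(1, &size);
    printf("O_EXCL create: rc=%d, existing file size=%ld\n", rc, size);
    rc = name_taken_case(0, &size);
    printf("plain create:  rc=%d, existing file size=%ld\n", rc, size);
    return 0;
}
```

With O_EXCL the caller is told the name was taken and the existing file is untouched; the plain create succeeds silently on a file the caller did not create.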