On Fri, Aug 15, 2008 at 10:56:06PM +0200, Sven Joachim wrote: > On 2008-08-15 21:16 +0200, Andrei Popescu wrote: > > > On Fri,15.Aug.08, 16:05:13, Sven Joachim wrote: > >> However, Nico Golde informed me that mktemp has a `-u' switch which will > >> unlink the file before mktemp exits. If you use that, the easy-to-guess > >> filename becomes a severe problem. > > > > I must be dense, could you please elaborate on how this can be a > > problem? > > It opens precisely the can of worms that mktemp was supposed to close, > see the mktemp(1) and mktemp(3) manpages. Look for "symlink attack" in > your preferred Web search engine.
And what BadThings happen due to that unlink? -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849754 | | friend -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
