On 2008-08-16 13:44 +0200, Tzafrir Cohen wrote:

> On Fri, Aug 15, 2008 at 10:56:06PM +0200, Sven Joachim wrote:
>> It opens precisely the can of worms that mktemp was supposed to close,
>> see the mktemp(1) and mktemp(3) manpages. Look for "symlink attack" in
>> your preferred Web search engine.
>
> And what BadThings happen due to that unlink?

An attacker may recreate the file as a symlink to some other file whose
contents will be overwritten when your shell script later writes to it.

Sven
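
The overwrite described in this thread, reproduced inside a private directory as an added example that is not part of the original messages. The function names, file names and the `ln -s` step that stands in for the other party are constructed for illustration; the second writer uses the shell's noclobber option to refuse the planted path.

```shell
#!/bin/sh
# Constructed demo: all paths live in a private directory made by mktemp -d.

# Pattern questioned in the thread: the mktemp file was unlinked, and the
# script later recreates it with a plain redirection, which follows symlinks.
unsafe_write() {                      # $1 = path, $2 = data
    printf '%s\n' "$2" > "$1"
}

# If the name must be recreated, noclobber makes the shell refuse a path
# that already exists, including a symlink planted there.
exclusive_write() {                   # $1 = path, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Runs one writer against a path that was unlinked and then replaced by a
# symlink, and prints what the symlink's target contains afterwards.
run_case() {                          # $1 = unsafe_write | exclusive_write
    sandbox=$(mktemp -d) || return 1
    target="$sandbox/other-file"
    printf 'original\n' > "$target"
    tmp=$(mktemp "$sandbox/work.XXXXXX") || return 1
    rm -f "$tmp"                      # the unlink under discussion
    ln -s "$target" "$tmp"            # stands in for the other party winning the race
    if "$1" "$tmp" "script output"; then :; fi   # ignore the writer's exit status
    cat "$target"
    rm -rf "$sandbox"
}

echo "plain redirection: $(run_case unsafe_write)"
echo "noclobber:         $(run_case exclusive_write)"
```

Not unlinking at all, and writing only to the file that mktemp itself created, avoids the window entirely; `mktemp -d` gives a private directory when several scratch files are needed.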