severity 496424 wishlist
retitle 496424 Generate temporary directory with mktemp
thanks

Dmitry E. Oboukhov wrote:
> Package: firehol
> Severity: grave
>
> Hi, maintainer!
> Even if you create files or directories with help of function 'RANDOM'
> or pid(), then your system is not protected. Attacker can create many
> symlinks in order to destroy your data or create 'denial of service'
> for your package scripts.

This is a false positive, firehol generates its temporary directory with
FIREHOL_DIR="/tmp/.firehol-tmp-$$-${RANDOM}-${RANDOM}", which would
require an attacker to create 1073741824*PID-RANGE symlinks.

Using mktemp would certainly be a cleaner solution, though. As such
I'm retitling the bug for now.

Cheers,
Moritz
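
Added example, not part of the original message and not firehol's own code: one way the mktemp approach named in the retitle could look in a shell script. The function names and the `.firehol-tmp-XXXXXXXXXX` template are assumptions made for illustration; only the `FIREHOL_DIR` variable name comes from the message above.

```shell
#!/bin/bash
# Added illustration; helper names and template are hypothetical.

# Create a private scratch directory. mktemp -d picks an unpredictable
# name and creates it atomically with mode 0700. It fails instead of
# reusing an existing path, so a pre-planted symlink is never followed.
make_private_tmpdir() {
    local base="${TMPDIR:-/tmp}" dir
    dir="$(mktemp -d "${base}/.firehol-tmp-XXXXXXXXXX")" || return 1
    # Defensive re-check: a real directory owned by us, not a symlink.
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        return 1
    fi
    printf '%s\n' "$dir"
}

# Remove the directory only if it is still a plain directory.
cleanup_private_tmpdir() {
    local dir="$1"
    [ -n "$dir" ] && [ -d "$dir" ] && [ ! -L "$dir" ] && rm -rf -- "$dir"
    return 0
}

# Abort rather than fall back to a guessable name if creation fails.
FIREHOL_DIR="$(make_private_tmpdir)" || {
    echo "cannot create temporary directory" >&2
    exit 1
}
trap 'cleanup_private_tmpdir "$FIREHOL_DIR"' EXIT
```

The safety property comes from the atomic create-or-fail step rather than from the length of the random suffix, which is why the script exits when `mktemp` fails.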