Martin Schulze wrote:
> This was not intentional by the author, he tried to use tempfile(1) to
> create the temporary filename. However, due to a thinko, the name was
> hardcoded into the script.
[...]
> +#NNTPactive=\`tempfile -p active\` #"/tmp/active.\$\$"
So now you're using tempfile? This usually yields an easily
predictable filename, for which the same exploits hold. Just keep an
eye out for the last PID issued, and OK, this time you might need to
flip a link (provided that tempfile indeed refuses to return a file
that is currently symlinked.)
Roger.
--
** [EMAIL PROTECTED] ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
