Rogier Wolff writes:
> Martin Schulze wrote:
>> This was not intentional by the author, he tried to use tempfile(1) to
>> create the temporary filename. However, due to a thinko, the name was
>> hardcoded into the script.
> [...]
>> +#NNTPactive=\`tempfile -p active\` #"/tmp/active.\$\$"
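Review bot: The added line begins with '#' ('+#NNTPactive=...'), so as quoted it is a comment and does not assign NNTPactive. If this line is meant to carry the fix, the live assignment should be the tempfile call without the leading '#'; otherwise the hunk that actually sets the variable should be shown. The old '/tmp/active.$$' value left in the trailing comment could be dropped once the change is confirmed.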
>
> So now you're using tempfile? This usually yields an easily
> predictable filename, for which the same exploits hold. Just keep
> an eye out for the last PID issued, and OK, this time you might need
> to flip a link (provided that tempfile indeed refuses to return a
> file that is currently symlinked.)
tempfile opens the chosen filename using O_CREAT|O_EXCL. If there is
a link there, this means it will get EEXIST. (What tempfile then does
is to pick another name and try again.)
So, I believe the proposed fix is safe.
ttfn/rjk
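
The O_CREAT|O_EXCL behaviour described in the reply above, as an added example that is not part of the original thread and not tempfile's own source. The helper create_excl(), the sequential naming scheme and the demo directory are assumptions made for illustration: the names are deliberately predictable, and a symlink is pre-planted on the first candidate.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical helper: create a fresh file "<dir>/<prefix>NNNNNN", moving to
 * the next name on EEXIST. Returns an open fd (name in out), or -1. */
int create_excl(const char *dir, const char *prefix, unsigned start,
                char *out, size_t outlen, int *collisions)
{
    *collisions = 0;
    for (unsigned n = start; n < start + 100; n++) {
        snprintf(out, outlen, "%s/%s%06u", dir, prefix, n);
        /* With O_CREAT|O_EXCL, open() fails with EEXIST if the name exists
         * at all; a symlink in the final component is not followed. */
        int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;
        (*collisions)++;    /* name taken (file or symlink): try the next */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: a dangling symlink to "victim" sits on the first
 * candidate name. Returns 0 if the link was refused and victim not created. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char victim[128], planted[128], got[128];
    int collisions;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/active000000", dir);
    if (symlink(victim, planted) != 0) return -1;
    int fd = create_excl(dir, "active", 0, got, sizeof got, &collisions);
    if (fd < 0) return -1;
    int victim_absent = access(victim, F_OK) != 0;  /* link was not followed */
    int moved_on = strcmp(got, planted) != 0 && collisions == 1;
    close(fd);
    unlink(got); unlink(planted); rmdir(dir);
    return (victim_absent && moved_on) ? 0 : 1;
}

int main(void) { return demo(); }
```

The guarantee covers only the exclusive create itself: a script that later removes the file and reopens the same name by path gives it up.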