So over the past year or so one of the big security issues Debian and others
have spent a lot of time over is programs that create temporary files
insecurely. Generally the danger is that some privileged user could be
creating files in /tmp with fairly predictable names, and someone else could
slip a symlink in quickly, possibly forcing the user to overwrite a critical
file that the attacker doesn't have access to. (Forcing root to overwrite
/etc/passwd for example).

The solution is either to ensure that the temporary files are always created
with the O_EXCL and O_CREAT flags set, or to create a directory with
restricted permissions and create all the files in there. 

In this case we can't really guarantee that all the methods create files using
these flags; even if we did go through all of them and made them all do so, I'm
sure someone would turn up some platform where they didn't or use some
substitute program that didn't. So I suggest rcp put its temporary files in
/tmp/rcp-tmp-<username>/rcp.<unique> to avoid the problem.

greg
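
The two mitigations described in the message above, as an added C example that is not part of the original post or of rcp's code. The function names, the scratch directory and the file names are assumptions made for illustration; the scenario in demo() is constructed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create or reuse a private directory; 0 only if it is a real directory,
 * owned by us, with no group/other access. */
int private_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    if (lstat(path, &st) != 0)      /* lstat: never follow a planted symlink */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 077))
        return -1;
    return 0;
}

/* Create dir/name; O_CREAT|O_EXCL fails with EEXIST if the name already
 * exists, even as a dangling symlink, so nothing is ever overwritten. */
int create_exclusive(const char *dir, const char *name)
{
    char path[4096];
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a scratch directory; returns 0 if every check holds. */
int demo(void)
{
    char base[] = "/tmp/excl-demo-XXXXXX", dir[64], trap[64], planted[80];
    if (!mkdtemp(base)) return 1;
    snprintf(dir, sizeof dir, "%s/rcp-tmp-user", base);   /* hypothetical name */
    snprintf(trap, sizeof trap, "%s/trap", base);
    snprintf(planted, sizeof planted, "%s/planted", dir);
    if (private_dir(dir) != 0) return 2;
    int fd = create_exclusive(dir, "rcp.1");
    if (fd < 0) return 3;
    close(fd);
    if (create_exclusive(dir, "rcp.1") != -1 || errno != EEXIST) return 4;
    if (symlink("/nonexistent/target", planted) != 0) return 5;
    if (create_exclusive(dir, "planted") != -1 || errno != EEXIST) return 6;
    if (symlink(dir, trap) != 0 || private_dir(trap) != -1) return 7;
    return 0;
}

int main(void) { return demo(); }
```

The ownership and mode check matters when the directory already exists: a directory or symlink pre-created under that name by another user is rejected instead of trusted.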

