Hi,
On Fri, Apr 16, 2010 at 10:21:50PM +0200, David Sommerseth wrote:
> In a Debian bug report [1] there were worries that the --client-connect
> script hook was prune to a "symlink" attack. Even though this can
> be recognised if --tmp-dir is set to a world writable directory, it is not
> considered standard practice to do so.
>
> This patch-set replaces the previous suggested patch, with an enhancement
> suggested by Fabian Knittel. In addition create_temp_filename() is renamed
> to create_temp_file() to reflect the behvioural change in the function.
Overall, this looks good to me (with the additional changes by Fabian
and you). So ACK.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
