subject:"Bug#964366\: \[aristocratos\/bashtop\] \[BUG\] insecure use of \/tmp \(#161\)"

Bug#964366: [aristocratos/bashtop] [BUG] insecure use of /tmp (#161)

2020-07-07 Thread Jakub Wilk


* Dylan Aïssi , 2020-07-06, 15:13:

pytmpdir=$(mktemp -d "${TMPDIR:-/tmp}"/)
pywrapper=$(mktemp "${pytmpdir}"/bashtop.psutil.)

Should fix the issue.


Does the proposed fix by upstream look good to you?


It's mostly OK, but:
- mktemp(1) can fail, and this failure should not be ignored;
- there's no need for two mktemp calls.

Something like this should work:

  pytmpdir=$(mktemp -d "${TMPDIR:-/tmp}"/bashtop.XX) || exit 1
  pywrapper=${pytmpdir}/psutil

--
Jakub Wilk

Bug#964366: [aristocratos/bashtop] [BUG] insecure use of /tmp (#161)

2020-07-06 Thread Dylan Aïssi

Hi Jakub,

Le lun. 6 juil. 2020 à 13:29, aristocratos  a écrit :
>
> pytmpdir=$(mktemp -d "${TMPDIR:-/tmp}"/)
> pywrapper=$(mktemp "${pytmpdir}"/bashtop.psutil.)
>
> Should fix the issue.
>

Does the proposed fix by upstream look good to you?

Best,
Dylan

Bug#964366: [aristocratos/bashtop] [BUG] insecure use of /tmp (#161)

Bug#964366: [aristocratos/bashtop] [BUG] insecure use of /tmp (#161)

2 matches

Site Navigation

Mail list logo

Footer information