SECURITY fix for dtappintegrate: Use mktemp(1) to generate a template.

Using a fixed filename in /tmp is just begging for a symlink attack ...
2013-07-23 00:59:23 +02:00
parent 6c42732461
commit f9a70b5165
1 changed files with 1 additions and 1 deletions
--- a/cde/programs/dtappintegrate/dtappintegrate.src
+++ b/cde/programs/dtappintegrate/dtappintegrate.src
@@ -300,7 +300,7 @@ FRONTPANEL_FILES=*.fp
 APPMAN_FILES="(*)"

 ID=$(id)
-LOGFILE=/tmp/dtappint.log
+LOGFILE=$(mktemp /tmp/dtappint.logXXXXXXXXXXXXXXXX)
 PATH=CDE_INSTALLATION_TOP/bin:/usr/bin

 XCOMM -------------------------------------------------------------------