diff options
| author | David Aguilar <davvid@gmail.com> | 2014-06-13 14:43:48 -0700 |
|---|---|---|
| committer | Paul Mackerras <paulus@samba.org> | 2014-06-15 11:35:50 +1000 |
| commit | 105b5d3fbb1c00bb0aeaf9d3e0fbe26a7b1993fc (patch) | |
| tree | 35b486acec809cfc69bc1fed99ff5afc2d46fd72 | |
| parent | c7664f1a8c6d40acf8221ba620a3193dec411f8c (diff) | |
| download | git-105b5d3fbb1c00bb0aeaf9d3e0fbe26a7b1993fc.tar.gz | |
gitk: Use mktemp -d to avoid predictable temporary directories
gitk uses a predictable ".gitk-tmp.$PID" pattern when generating
a temporary directory.
Use "mktemp -d .gitk-tmp.XXXXXX" to harden gitk against someone
seeding /tmp with files matching the pid pattern.
Signed-off-by: David Aguilar <davvid@gmail.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
| -rwxr-xr-x | gitk | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -3503,7 +3503,8 @@ proc gitknewtmpdir {} { } else { set tmpdir $gitdir } - set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]] + set gitktmpformat [file join $tmpdir ".gitk-tmp.XXXXXX"] + set gitktmpdir [exec mktemp -d $gitktmpformat] if {[catch {file mkdir $gitktmpdir} err]} { error_popup "[mc "Error creating temporary directory %s:" $gitktmpdir] $err" unset gitktmpdir |