Fixed insecure temporary file creation

diff --git a/backupninja b/backupninja
index e5c55aea505aef9912feafa5cb91ddc95fe42465..d52f4cdf45c9c76002b408d0ed446652c3d092f9 100755 (executable)
--- a/backupninja
+++ b/backupninja
@@ -305,7 +305,14 @@ function process_action() {
        let "actions_run += 1"
 
        # call the handler:
-       local bufferfile="/tmp/backupninja.buffer.$$"
+       [ if -x /bin/mktemp ]
+       then
+               local bufferfile=`mktemp /tmp/backupninja.buffer.XXXXXXXX`
+       else
+               DATE=`date`
+               sectmp=`echo $DATE | /usr/bin/md5sum | cut -d- -f1`
+               local bufferfile=/tmp/backupninja.buffer.$sectmp
+       fi
        echo "" > $bufferfile
        echo_debug_msg=1
        (

diff --git a/changelog b/changelog
index 13b6cd1e0756ea0f990d350c0288ad2dc85a49f7..8ba0ab5979b24927adacb0ad21a59da2ca577974 100644 (file)
--- a/changelog
+++ b/changelog
@@ -1,4 +1,5 @@
        removed erroneous magic file marker in pgsql handler
+       fixed insecure temporary file creation
 version 0.8 -- September 15 2005
        added pgsql (PostgreSQL) handler, with vservers support.
        added vservers support to duplicity handler