From: Micah Anderson <micah@riseup.net>
Date: Wed, 28 Sep 2005 14:47:51 +0000 (+0000)
Subject: Fixed insecure temporary file creation
X-Git-Tag: backupninja-0.9~10
X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fbackupninja.git;a=commitdiff_plain;h=d9d59cd6e90cb745d8886d6376a0ed97eb6761ef

Fixed insecure temporary file creation
---

diff --git a/backupninja b/backupninja
index e5c55ae..d52f4cd 100755
--- a/backupninja
+++ b/backupninja
@@ -305,7 +305,14 @@ function process_action() {
 	let "actions_run += 1"
 
 	# call the handler:
-	local bufferfile="/tmp/backupninja.buffer.$$"
+	[ if -x /bin/mktemp ]
+	then
+		local bufferfile=`mktemp /tmp/backupninja.buffer.XXXXXXXX`
+	else
+		DATE=`date`
+		sectmp=`echo $DATE | /usr/bin/md5sum | cut -d- -f1`
+		local bufferfile=/tmp/backupninja.buffer.$sectmp
+	fi
 	echo "" > $bufferfile
 	echo_debug_msg=1
 	(
diff --git a/changelog b/changelog
index 13b6cd1..8ba0ab5 100644
--- a/changelog
+++ b/changelog
@@ -1,4 +1,5 @@
 	removed erroneous magic file marker in pgsql handler
+	fixed insecure temporary file creation
 version 0.8 -- September 15 2005
 	added pgsql (PostgreSQL) handler, with vservers support.
 	added vservers support to duplicity handler