Hi, > > mc 4.5.0 creates a temporary file in /tmp when it's started. > > It's called talk.fish and has the mode 644. If a user would link the > > file to /etc/passwd or anything else, when the root would start mc, the > > file would be erased. > It was me who added talk.fish file (and it kind of escaped me, sorry), > it is debugging hack and it is currently disabled in my tree (and > CVS). Workaround is: > create /tmp/talk.fish yourself, so that noone can put symlink there and remember to disable the tmpdir cleanup script ... > What is worse, they are probably going to > stay there until someone invents safe & portable way of how to work > with temporary files from shell. I'd modify your example to: TMPDIR=/tmp/mctmpdir.$$ umask 027 # or 077 rm -rf $TMPDIR mkdir $TMPDIR || exit 1 do_something > $TMPDIR/file do_something_else < $TMPDIR/file rm -rf $TMPDIR > (Actually, is this safe? It might be safe & portable, unfortunately, > it is also slow & ugly) this is safe and portable. another portable way which works on any sh/bash script is creating the files safely before using them for input/output redirection: TMP_FILE_1=/tmp/.mystuff1.$$ rm -rf $TMP_FILE_1 set -o noclobber > $TMP_FILE_1 || exit 1 set +o noclobber but the best and fastest (and not so portable way, but protects better against denial-of-service attacks than the other two) is: TMP_FILE=`mktemp /tmp/.myfileXXXXXX` || exit 1 Mit freundlichen Gruessen, Marc Heuse This message and any statements expressed therein are those of myself and not of the Deutsche Bank AG or its subsidiary companies. Type Bits/KeyID Date User ID pub 2048/DB5C03C5 1997/09/23 Marc Heuse <marc.heuseat_private> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzQnbFEAAAEIAL/tj4hn/DVjEWAZhuqRdxZQDy5B+gZbE0CD/mUnZqpem+9L KY+I8te7jMfTQExzqn5jYb5BaibT0SbEBWSx9Gha8EiBLAVcAjvrXpV+HJLcnPRG YDk5a3s7GrA+QVHbbd9DWgqjMfUMw9oUDAhhjgK20SeOtFGBD2U17GkQF6TK7EjC CTOuz2Hx/tisDuroJJnxZdbLNvCceOf/D/bbFcR7DfnEJWJ3f9JC4fibZMlX5rXL Ct/TKhZMd4d42uL7L4KvkT5JCnFuEw1jRDPpBjZ030cK2uWCM//iEVLGmGKOs6Pg o3Lfnnd6I6bTPHgrNsapNWmocbIGDC/4w9tcA8UABRG0Jk1hcmMgSGV1c2UgPG1h cmMuaGV1c2VAbWFpbC5kZXViYS5jb20+iQEVAwUQNCdsUQwv+MPbXAPFAQFWEwf5 AWt6PbKLLCCBPnzBMdXatKEJvNzrZRXNSpbgKQUDAKApRUnOkDJ9yp3tfJG0/BsL XBf+ldmjjoo/OZeWhIhNb71bbCs8BK7/YK5LKef2eq4pzSiWYosrOfjlfyOVhAiP AiWYtK/HBELy6Zs8QwoPX0QX0+R2+ocMS0TDz7nwBgO5wcj3yMU0geTrnlDpJdj1 RgFQLE6T9qO5coRjj1EAoT5gQMxP9L4TQuifYiQ6S2vh6blr3amjPohKSDzZ62/x rQ1KMXJd7MlMQndn8UwKt4XgoFIsZOFRrkDiXfm6zFnH40UcotoA+Ygojp52+Y6A MuixTDbuf3Jph2jEG6r4Dw== =/n63 -----END PGP PUBLIC KEY BLOCK-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:42 PDT