[GRASS5] [bug #2877] (grass) Insecure tempfile creation
Hamish
hamish_nospam at yahoo.com
Tue Jan 18 02:43:06 EST 2005
[thanks for the 5.0.3 patch Marga]
Just an update re. less-insecure tempfiles ..
In the upstream GRASS 5.7 CVS[*] pretty much everything in the scripts/
directory now uses g.tempfile. C modules are next. I am not sure what to
do with the init scripts & libs where the GRASS tempfile fn's may not be
available..
These fixes are not in Steve Halasz's grass 6.0beta1 grass package[**],
I'm not sure when 6beta2 will be but maybe Steve & co. are willing to
backport these changes to 6beta1 and push for that to get into Sarge.
[*] http://freegis.org/cgi-bin/viewcvs.cgi/grass51/
[**] http://pkg-grass.alioth.debian.org/cgi-bin/wiki.pl
a number of the instances on the offender list were actually commented
out, etc.
still to look at:
lib/db/stubs/BUILD.PROTO
lib/db/dbmi_driver/mk_dbstubs_h.sh
lib/gis/unix_socks.c
lib/gis/gislib.dox
lib/gis/win32_pipes.c
lib/init/init.sh
lib/init/make_location_epsg_g57.sh
raster/r.terraflow/description.html
raster/r.terraflow/main.cc
regards,
Hamish
More information about the grass-dev
mailing list