[GRASS5] [bug #2877] (grass) Insecure tempfile creation
Paul Kelly
paul-grass at stjohnspoint.co.uk
Wed Dec 29 17:18:29 EST 2004
On Wed, 29 Dec 2004, Roger Bivand wrote:
> On Wed, 29 Dec 2004, Steve Halasz wrote:
>
>> I've been working on this package and the few examples I checked are
>> still in the 5.7.0 release. I suspect they are in CVS as well. That's
>> why I took the liberty of forwarding this bug to the grass bug system.
>> As far as debian goes, it is probably best to patch the 5.0.3 package in
>> most cases since that has the best chance of making it into the next
>> release. I don't think it would be hard in most cases to forward port
>> these fixes.
>
> Thanks for doing this - the GRASS developers are so few and have their
> noses so close to the wheel, that seeing things like this, which are
> vital, can be hard. If a per-session temporary directory is a good
> solution, there may be code in the R codebase that can help, because that
I think g.tempfile is the 'correct' way to create temporary files in GRASS
scripts.
But no one ever said GRASS was secure. In fact I thought the general
consensus was that it was riddled with security-related bugs? (Especially
versions < 5.7 where there is lots of code that hasn't been touched for
many years)
Paul
More information about the grass-dev
mailing list