<<< Date Index >>>     <<< Thread Index >>>

Re: bug#1732: marked as done (mutt auto_view insecure temp file creation)



On Sun, Dec 07, 2003 at 06:03:22PM +0100, GUUG bug Tracking System wrote:
> On 2003-12-07 12:26:48 +0100, Artur R.Czechowski wrote:

> > It seems mutt always picks the same filename when autoviewing
> > HTML mime parts, /tmp/mutt.html. Depending on how careful it is
> > about opening the file, this could result in all sorts of
> > trouble. Suggest using tmpfile(3) or something similar instead. 
> 
> mutt is as careful about opening that file as it is about opening a
> temporary file whose name was generated using tmpfile -- in fact,
> when mutt.html is not available, mutt will use a tmpfile-like
> mechanism for making up a new file name.

[-- Automuestra usando lynx -dump -force-html '/tmp/muttrUpdTk' --]

and:

$ LC_ALL=C ls -ld /tmp/mutt.html
ls: /tmp/mutt.html: No such file or directory

would seem to indicate that some sort of tmpfile-like mechanism is used anyway.

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpCZvEX7NNkU.pgp
Description: PGP signature