AUDIT: r15435 - gnucash/trunk - /tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
Derek Atkins
warlord at cvs.gnucash.org
Sat Jan 27 22:16:41 EST 2007
Author: warlord
Date: 2007-01-27 22:16:39 -0500 (Sat, 27 Jan 2007)
New Revision: 15435
Trac: http://svn.gnucash.org/trac/changeset/15435
Modified:
gnucash/trunk/
gnucash/trunk/lib/libqof/qof/qoflog.c
Log:
/tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
This could be a security issue if someone else, say, makes a symlink
to somewhere else. Instead, create a tempfile and then rename it
into place which is safe against the symlink attack.
Patch by Bill Nottingham <notting at redhat.com>
BP
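
The pattern the log message describes, as an added example (not the GnuCash patch or any code from the project): the temporary file is created with `mkstemp()` and then renamed over the final path, so a symlink planted at that path is replaced rather than followed. The function names, the `app.trace` file name and the scratch directory are assumptions made for the demonstration.

```c
/* Added example, not GnuCash code: mkstemp() + rename() for a log file. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: returns a writable stream for final_path, or NULL. */
FILE *open_log_via_rename(const char *final_path)
{
    char tmpl[4096];
    int n = snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", final_path);
    if (n < 0 || (size_t)n >= sizeof tmpl) return NULL;
    /* mkstemp() creates the file with O_EXCL and mode 0600, so it never
     * opens a name (or a symlink) that somebody else put there first. */
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    /* rename() replaces the directory entry final_path itself; if that
     * entry is a symlink, the link is overwritten, not its target. */
    if (rename(tmpl, final_path) != 0) {
        unlink(tmpl); close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Constructed scenario: the log path already exists as a symlink to
 * "victim". Returns 1 if victim is untouched and the log is a regular file. */
int symlink_case_is_safe(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", victim[64], logp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/app.trace", dir);
    FILE *v = fopen(victim, "w");
    if (!v) return -1;
    fputs("keep", v); fclose(v);
    if (symlink(victim, logp) != 0) return -1;
    FILE *fp = open_log_via_rename(logp);
    if (!fp) return -1;
    fputs("trace line\n", fp); fclose(fp);
    int ok = lstat(logp, &st) == 0 && S_ISREG(st.st_mode)
          && stat(victim, &st) == 0 && st.st_size == 4;
    unlink(logp); unlink(victim); rmdir(dir);
    return ok;
}
```

A plain `fopen(path, "w")` on the same path would have followed the link and truncated `victim`.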