AUDIT: r15435 - gnucash/trunk - /tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.

Derek Atkins warlord at cvs.gnucash.org
Sat Jan 27 22:16:41 EST 2007


Author: warlord
Date: 2007-01-27 22:16:39 -0500 (Sat, 27 Jan 2007)
New Revision: 15435
Trac: http://svn.gnucash.org/trac/changeset/15435

Modified:
   gnucash/trunk/
   gnucash/trunk/lib/libqof/qof/qoflog.c
Log:
/tmp/qof.trace or /tmp/gnucash.trace is opened for writing directly.
This could be a security issue if someone else, say, makes a symlink
to somewhere else.  Instead, create a tempfile and then rename it
into place which is safe against the symlink attack.
Patch by Bill Nottingham <notting at redhat.com>
BP





More information about the gnucash-patches mailing list