From: David Aguilar Date: Fri, 13 Jun 2014 21:43:48 +0000 (-0700) Subject: gitk: Use mktemp -d to avoid predictable temporary directories X-Git-Tag: v2.1.0-rc0~73^2~2 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/105b5d3f gitk: Use mktemp -d to avoid predictable temporary directories gitk uses a predictable ".gitk-tmp.$PID" pattern when generating a temporary directory. Use "mktemp -d .gitk-tmp.XXXXXX" to harden gitk against someone seeding /tmp with files matching the pid pattern. Signed-off-by: David Aguilar Signed-off-by: Paul Mackerras
---
diff --git a/gitk b/gitk
index c666435204..41e5071c4b 100755
--- a/gitk
+++ b/gitk
@@ -3503,7 +3503,8 @@ proc gitknewtmpdir {} {
 } else {
 set tmpdir $gitdir
 }
- set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]]
+ set gitktmpformat [file join $tmpdir ".gitk-tmp.XXXXXX"]
+ set gitktmpdir [exec mktemp -d $gitktmpformat]
 if {[catch {file mkdir $gitktmpdir} err]} {
 error_popup "[mc "Error creating temporary directory %s:" $gitktmpdir] $err"
 unset gitktmpdir
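Review bot: The added `exec mktemp -d $gitktmpformat` sits outside the `catch` that follows it, so if mktemp is missing or `$tmpdir` is not writable, `exec` raises an uncaught Tcl error and the `error_popup` branch is never reached. The existing `catch` now only guards `file mkdir`, which does nothing when the directory already exists. Consider moving the creation into the guard, `if {[catch {set gitktmpdir [exec mktemp -d $gitktmpformat]} err]} {`, and reporting `$gitktmpformat` in the popup, since `gitktmpdir` may not be set on that path. If a fallback is added for platforms without mktemp, it should not go back to the pid-based name, since that is the predictable path this commit removes. The body of gitknewtmpdir begins before and continues past the hunk, so how the error branch ends is not visible here.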