The file gentestcrt.sh distributed with net-www/mod_ssl makes insecure usage of files in /tmp. The directory /tmp/tmpssl-$$ is created. A local attacker could run a script to wait for the gentestcrt.sh process to start, and get the process ID of the script. Then, the attacker could create that directory before the script had a chance, and create symlinks in the directory. Since the files used by gentestcrt.sh could already exist as symlinks, the overwriting of arbitrary files on the filesystem would be possible. Please create these temporary files using either `tempfile` or `mktemp`.
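The weakness described in the report above, next to the `mktemp` fix it asks for, as an added example that is not part of the original report and not the mod_ssl script's own code. It assumes the script creates its directory with `mkdir -p`; the file name `ca.key`, the PID value 1234 and all function names are hypothetical, and the pre-existing directory is constructed inside a private sandbox rather than the real /tmp.

```shell
#!/bin/sh
# Added example; not taken from gentestcrt.sh. Names and values are hypothetical.

# Weak pattern from the report: the directory name is derived from the PID.
# $1 = base directory (stands in for /tmp), $2 = PID-like suffix.
unsafe_workdir() {
    dir="$1/tmpssl-$2"
    mkdir -p "$dir"     # assumption: an already existing directory is silently reused
    printf '%s\n' "$dir"
}

# Hardened pattern: mktemp -d chooses an unpredictable name, creates the
# directory atomically with mode 0700, and fails instead of reusing a path.
safe_workdir() {
    ( umask 077; mktemp -d "$1/tmpssl.XXXXXXXXXX" )
}

# Stand-in for the script writing one of its output files into the work dir.
write_key() {
    printf 'test-key\n' > "$1/$2"
}

# Builds the precondition from the report in a sandbox and returns what an
# unrelated file contains after each variant has run.
demo() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/symlink-demo.XXXXXXXXXX") || return 1
    victim="$base/unrelated-file"
    printf 'original\n' > "$victim"

    # Constructed state: the predictable directory already exists and holds
    # a symlink where the script expects to write.
    mkdir "$base/tmpssl-1234"
    ln -s "$victim" "$base/tmpssl-1234/ca.key"

    d=$(unsafe_workdir "$base" 1234) && write_key "$d" ca.key
    after_unsafe=$(cat "$victim")       # overwritten through the symlink

    printf 'original\n' > "$victim"
    d=$(safe_workdir "$base") || { rm -rf "$base"; return 1; }
    write_key "$d" ca.key
    after_safe=$(cat "$victim")         # untouched: fresh private directory

    rm -rf "$base"
    printf '%s %s\n' "$after_unsafe" "$after_safe"
}

demo
```

A script hardened this way should also abort when `mktemp` fails and remove the directory in an exit trap.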
apache-bugs, please advise.
Any news here? Anyone got a patch?
Apache, any news on this one?
(In reply to comment #3)
> Apache, any news on this one?

apache-1 and all dependent modules (like mod_ssl) will get masked once the Apache article is published in next (hopefully) week's GWN.
Apache1 and all its modules, mod_ssl included, were masked today. Closing this. Best regards, CHTEKK.