From d9d59cd6e90cb745d8886d6376a0ed97eb6761ef Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Wed, 28 Sep 2005 14:47:51 +0000
Subject: [PATCH] Fixed insecure temporary file creation

---
 backupninja | 9 ++++++++-
 changelog   | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/backupninja b/backupninja
index e5c55aea..d52f4cdf 100755
--- a/backupninja
+++ b/backupninja
@@ -305,7 +305,14 @@ function process_action() {
 	let "actions_run += 1"
 
 	# call the handler:
-	local bufferfile="/tmp/backupninja.buffer.$$"
+	[ if -x /bin/mktemp ]
+	then
+		local bufferfile=`mktemp /tmp/backupninja.buffer.XXXXXXXX`
+	else
+		DATE=`date`
+		sectmp=`echo $DATE | /usr/bin/md5sum | cut -d- -f1`
+		local bufferfile=/tmp/backupninja.buffer.$sectmp
+	fi
 	echo "" > $bufferfile
 	echo_debug_msg=1
 	(
diff --git a/changelog b/changelog
index 13b6cd1e..8ba0ab59 100644
--- a/changelog
+++ b/changelog
@@ -1,4 +1,5 @@
 	removed erroneous magic file marker in pgsql handler
+	fixed insecure temporary file creation
 version 0.8 -- September 15 2005
 	added pgsql (PostgreSQL) handler, with vservers support.
 	added vservers support to duplicity handler
-- 
GitLab