From 25fb13a24021f884b73d15e56b9b14e0e6d6e7ac Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kienan.stewart@burntworld.ca>
Date: Wed, 20 Jun 2018 17:45:16 -0400
Subject: [PATCH] Use mktemp to get the filename for storing the templating
 script

Using a fixed string could allow for abuse by anyone who has access to /tmp.
One could place a symbolic link to any file to cause it to be overwritten
when alternc.install is run.
---
 install/alternc.install | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/install/alternc.install b/install/alternc.install
index 10bcbacc..426a7f48 100644
--- a/install/alternc.install
+++ b/install/alternc.install
@@ -201,9 +201,7 @@ PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1)
 # Secret for PhpMyAdmin sessions
 PHPMYADMIN_BLOWFISH="$(generate_string 24)"
 
-# XXX: I assume this is secure if /tmp is sticky (+t)
-# we should have a better way to deal with templating, of course.
-SED_SCRIPT="/tmp/alternc.install.sedscript"
+SED_SCRIPT=$(mktemp)
 cat > $SED_SCRIPT <<EOF
 s\\%%hosting%%\\$HOSTING\\;
 s\\%%fqdn%%\\$FQDN\\;