Trustix Linux released an advisory and patched glibc to fix insecure tempfile
handling. After checking CVS, I noticed that this patch was never applied (and
never sent upstream as far as I can tell).
Created attachment 226
Modified patch from Trustix Linux to work with the current glibc CVS tree.
Can anyone confirm the validity of this patch?
There is no bug report here. A patch without any claims of what the real
problems are that it fixes is always ignored.
The catchsegv fix is in CVS (well, different patch), the other changes