Remove use of predictable directories
avindra opened this issue · comments
Avindra Goolcharan commented
Valuable feedback from @cboltz:
I just had a quick look at the vendor-* scripts, and both seem to use
fixed or predictable filenames in /tmp/ or /dev/shm/. Both directories
are world-writeable, which makes this a possible security issue (for
example allowing symlink attacks).
Please use mktemp -d to create a temporary directory in a secure
way.
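
The recommendation above as a runnable sketch. This is an added example, not part of the original comment and not code from the vendor-* scripts; the function names, the `vendor.` template prefix and the `vendor-work` directory name are hypothetical. The demo works inside a constructed sandbox and contrasts a fixed directory name with `mktemp -d`:

```sh
#!/bin/sh
# Added example; all names here are hypothetical, not taken from the vendor-* scripts.

# Create a private, unpredictable work directory under $1 (default: $TMPDIR or /tmp).
# mktemp -d creates it atomically with mode 0700 and never reuses an existing path.
make_workdir() {
    mktemp -d "${1:-${TMPDIR:-/tmp}}/vendor.XXXXXXXXXX"
}

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, with no group/other permission bits set.
workdir_is_private() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        drwx------) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo: inside a private sandbox, pre-plant a symlink at a fixed
# name, as another local user could do in a world-writable directory, then
# report how the fixed-name pattern and the mktemp -d pattern each behave.
demo() {
    sandbox=$(make_workdir) || return 1
    mkdir "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/vendor-work"   # pre-planted entry

    # Fixed-name pattern: mkdir -p reports success although it created nothing.
    if mkdir -p "$sandbox/vendor-work"; then
        workdir_is_private "$sandbox/vendor-work" ||
            echo "fixed name: reused pre-planted path"
    fi

    # mktemp -d pattern: a fresh directory that passes the ownership/mode check.
    safe=$(make_workdir "$sandbox") && workdir_is_private "$safe" &&
        echo "mktemp -d: private directory"

    rm -rf "$sandbox"
}

demo
```

In a real script, pair `make_workdir` with `trap 'rm -rf "$workdir"' EXIT` so the directory is removed on every exit path.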