Christian Boltz wrote:
As I already wrote, $$ is guessable (it's just a number between 2 and 32567 (or larger? Don't ask. Anyway, it's guessable.))
Correct.
and if there's a nasty link in place it will fail.
Not in every case.
In your example you are using md which is an alias for "mkdir -p". "mkdir -p" was the source of some security flaws I found, but Derek is talking about "mkdir" without the -p option. Mkdir without -p will _always_ give you an error if there already is _anything_ with the same name (files, directories, symlinks, fifos...), so it is secure.
If an attacker wants to hit you, he just has to run
for i in `seq 2 33000` ; do ln -s /home/victim/Mail/ /tmp/aview_$i ; done
This will 'only' lead to denial of service (which you pointed out). But in case of an image viewer this is not really a threat. Apart from that, there are other, much easier ways to DoS SuSE/vanilla kernels if you are a local user. So if you are scared of DoS from local users, asciiview is your least concern.

Btw, a nice read about creating tempfiles in shell programs can be found at [1], chapter 3.4 and 3.5.

Regards
nordi

[1] http://www.linuxsecurity.com/articles/documentation_article-8886.html
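The difference between plain "mkdir" and "mkdir -p" described in the message above, as an added example that is not part of the original thread. The function names and scratch paths are made up for the demonstration, and everything runs inside a private directory obtained from mktemp.

```shell
#!/bin/sh
# Added example: constructed names, all work happens in a private scratch dir.

# Create a private temp directory at the given path.
# Plain mkdir fails if ANY entry with that name already exists and it does
# not follow a symlink at the final path component, so success means the
# directory is new and ours.
safe_tmpdir() {
    ( umask 077 && mkdir "$1" ) 2>/dev/null
}

# Pre-create one entry of each kind, then count how many plain mkdir refuses.
count_refusals() {
    base=$(mktemp -d) || return 1
    mkdir "$base/target"                        # stand-in for a directory worth protecting
    : > "$base/t_file"                          # regular file
    mkdir "$base/t_dir"                         # directory
    ln -s "$base/target" "$base/t_symlink"      # symlink to a directory
    ln -s "$base/nonexistent" "$base/t_dangling" # dangling symlink
    mkfifo "$base/t_fifo"                       # fifo
    refused=0
    for kind in file dir symlink dangling fifo; do
        safe_tmpdir "$base/t_$kind" || refused=$((refused + 1))
    done
    rm -rf "$base"
    echo "$refused"
}

# mkdir -p reports success when the name is a symlink to an existing
# directory, so a script using it would go on to write through the link.
mkdir_p_accepts_symlink() {
    base=$(mktemp -d) || return 1
    mkdir "$base/target"
    ln -s "$base/target" "$base/t_symlink"
    rc=0
    mkdir -p "$base/t_symlink" 2>/dev/null || rc=$?
    rm -rf "$base"
    return "$rc"
}

echo "plain mkdir refused $(count_refusals) of 5 pre-existing names"
if mkdir_p_accepts_symlink; then
    echo "mkdir -p accepted a pre-planted symlink to a directory"
fi
```

A script that relies on this should treat a failing mkdir as fatal and stop, rather than retrying with the same predictable name.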