From: Rich Burridge
Subject: bug#15522: gzcmp/gzdiff + gznew shell scripts use temporary files unsafely
Date: Thu, 03 Oct 2013 19:37:13 -0700
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

On 10/03/2013 06:47 PM, Paul Eggert wrote:
> Rich Burridge wrote:
>> it would be better for these commands to use mktemp
>
> That was done in gzip 1.3.10, released 2006-12-30. Is this not working for you? If not, why not?

I can see mktemp usage in gzexe.in and zdiff.in, but the Solaris bug report was suggesting the same sort of thing should be done in:

zdiff.in:

    else
        set -C
        tmp=${TMPDIR-/tmp}/$F.$$
    fi
    gzip -cdfq -- "$2" > "$tmp" || exit 2

and znew.in:

    set -C
    echo hi > $tmp || exit
    if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then

Sorry, I probably confused things by giving their Solaris g<name> names, and by stating that gzcmp and gzdiff were hard-linked without actually checking (because that's no longer true in the latest versions of the gzip distribution).
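
An added example (not part of the original message and not gzip's code) contrasting the `${TMPDIR-/tmp}/$F.$$` naming quoted above with a mktemp-created file. The function names are hypothetical, and it assumes a `mktemp` that accepts a template path.

```shell
#!/bin/sh
# Added example, not gzip's code. Function names are hypothetical.

# Name built the way the quoted zdiff.in fragment builds it: base name
# plus the shell's PID, so the path is guessable before the script runs.
predictable_tmp() {
  printf '%s/%s.%s\n' "${TMPDIR-/tmp}" "$1" "$$"
}

# Write stdin to "$1" under noclobber (set -C), as the fragment does.
# The subshell keeps set -C from leaking into the caller. The write is
# refused when the path already exists, so a name collision aborts it.
write_noclobber() (
  set -C
  cat > "$1"
) 2>/dev/null

# Hardened form: mktemp picks a random suffix and creates the file
# exclusively with owner-only permissions. Prints the new path.
make_tmp() {
  mktemp "${TMPDIR-/tmp}/$1.XXXXXX"
}

# Copy stdin into a fresh private temp file and print its path.
# The caller removes the file (for example from a trap on EXIT).
spool_stdin() {
  spool=$(make_tmp "$1") || return 2
  cat > "$spool" || { rm -f "$spool"; return 2; }
  printf '%s\n' "$spool"
}

# Constructed demonstration: the predictable path is occupied before
# use, so the noclobber write is refused; the mktemp path still works.
demo() {
  weak=$(predictable_tmp demo)
  : > "$weak"
  if printf 'data\n' | write_noclobber "$weak"; then
    r1=written
  else
    r1=refused
  fi
  rm -f "$weak"
  safe=$(printf 'data\n' | spool_stdin demo) || return 2
  r2=$(cat "$safe")
  rm -f "$safe"
  printf '%s %s\n' "$r1" "$r2"
}
demo
```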