cron sendmail output

Paul Verrall mrverrall at
Fri Aug 2 04:26:51 EDT 2013

Quite right Jonathan, thanks for pointing this out. This sort of thing
is really bad practice.

What we should be looking to do is adding a proper log file location
to /var/log and ensuring the correct permissions. Additionally an
accompanying logrotate config should be added to to stop things
growing for ever more.

However, as get_iplayer's output does not contain any sensitive info,
and more importantly the output is not read back into a process, we're
probably safe in this instance, probably.

On 1 August 2013 19:22, Jonathan Wiltshire <jmw at> wrote:
> On 2013-08-01 10:40, Paul Verrall wrote:
>> /usr/local/bin/get_iplayer --pvr 2>>/tmp/get_iplayer.log
> There's an unsafe-use-of-temporary-files attack here.
> --
> Jonathan Wiltshire                                      jmw at
> Debian Developer               
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
> <directhex> i have six years of solaris sysadmin experience, from
>             8->10. i am well qualified to say it is made from bonghits
>                         layered on top of bonghits
> _______________________________________________
> get_iplayer mailing list
> get_iplayer at

More information about the get_iplayer mailing list