Full_Name: Chris Zagar Version: 2.4.48 OS: Linux URL: Submission from: (NULL) (68.98.212.84)

/build/mkdep contains this line:

TMP=/tmp/mkdep$$

that forces the use of the /tmp directory. The /tmp directory is vulnerable to race conditions. The rest of OpenLDAP obeys the TMPDIR environment variable if it exists as a mitigation to this risk. Would you please consider changing this to:

TMP=${TMPDIR-/tmp}/mkdep$$

so this will obey TMPDIR as well?

Thank you.

Chris Zagar zagarc@oclc.org