-
Andrew Tridgell authored
temporary files were being created with the same permissions as the original file. So if the file was setuid but not owned by the user doing the transfer then there was a window of opportunity for a malicious user to execute it with the wrong permissions while it was being transferred. Thanks to snabb@epipe.fi for pointing this out.
22b19332