o Clean up tmp file usage a little by using mkstemp(3) instead of

  mktemp(3).  It would be amazingly unlikely, but the former method
  could result in a symlink attack.  A better solution would use
  ${TMPDIR}, though.
o Make sed not overwrite old backup files with no warning.

1 files changed, 6 insertions, 5 deletions

diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c
index cb091f4..2250d5a 100644
--- a/usr.bin/sed/main.c
+++ b/usr.bin/sed/main.c
@@ -434,20 +434,21 @@ inplace_edit(filename)
 	if (*inplace == '\0') {
 		char template[] = "/tmp/sed.XXXXXXXXXX";
 
-		if (mktemp(template) == NULL)
-			err(1, "mktemp");
+		output = mkstemp(template);
+		if (output == -1)
+			err(1, "mkstemp");
 		strlcpy(backup, template, MAXPATHLEN);
 	} else {
 		strlcpy(backup, *filename, MAXPATHLEN);
 		strlcat(backup, inplace, MAXPATHLEN);
+		output = open(backup, O_WRONLY | O_CREAT | O_EXCL);
+		if (output == -1)
+			err(1, "open(%s)", backup);
 	}
 
 	input = open(*filename, O_RDONLY);
 	if (input == -1)
 		err(1, "open(%s)", *filename);
-	output = open(backup, O_WRONLY|O_CREAT);
-	if (output == -1)
-		err(1, "open(%s)", backup);
 	if (fchmod(output, orig.st_mode & ~S_IFMT) == -1)
 		err(1, "chmod");
 	buffer = malloc(orig.st_size);