From 105b5d3fbb1c00bb0aeaf9d3e0fbe26a7b1993fc Mon Sep 17 00:00:00 2001
From: David Aguilar
Date: Fri, 13 Jun 2014 14:43:48 -0700
Subject: [PATCH] gitk: Use mktemp -d to avoid predictable temporary directories

gitk uses a predictable ".gitk-tmp.$PID" pattern when generating a temporary directory. Use "mktemp -d .gitk-tmp.XXXXXX" to harden gitk against someone seeding /tmp with files matching the pid pattern.

Signed-off-by: David Aguilar
Signed-off-by: Paul Mackerras
---
 gitk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gitk b/gitk
index c666435204..41e5071c4b 100755
--- a/gitk
+++ b/gitk
@@ -3503,7 +3503,8 @@ proc gitknewtmpdir {} {
 } else {
 set tmpdir $gitdir
 }
- set gitktmpdir [file join $tmpdir [format ".gitk-tmp.%s" [pid]]]
+ set gitktmpformat [file join $tmpdir ".gitk-tmp.XXXXXX"]
+ set gitktmpdir [exec mktemp -d $gitktmpformat]
 if {[catch {file mkdir $gitktmpdir} err]} {
 error_popup "[mc "Error creating temporary directory %s:" $gitktmpdir] $err"
 unset gitktmpdir
-- 
2.11.4.GIT
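Review bot: The new `exec mktemp -d $gitktmpformat` call sits outside the `catch` that guards `file mkdir`, so when mktemp is missing or the parent directory is not writable the Tcl error escapes and the `error_popup` branch is never reached. Wrapping the creation itself, `if {[catch {set gitktmpdir [exec mktemp -d $gitktmpformat]} err]} {`, and reporting `$gitktmpformat` in the popup (gitktmpdir is not set on that path, so the existing `unset gitktmpdir` would have to go as well) keeps the failure handled. The following `file mkdir` is then redundant: Tcl's `file mkdir` succeeds on a directory that already exists, so it verifies nothing, and the protection comes entirely from mktemp creating a fresh directory. If a fallback for platforms without mktemp is added later, it should fail rather than return to the pid-based name, which would reopen the pre-seeding problem the commit message describes. The body of gitknewtmpdir starts and ends outside this hunk.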