Security fix patch. Fix insecure temporary file and directory creations. (CAN-2004-0231)

lib/cedit.menu

@@ -454,7 +454,7 @@ s       Invoke `shell'
 
 m       view `man'
         MAN=%{Enter name of man:}
-        TMPFILE=/tmp/mcview.$MAN.$$
+        TMPFILE=`mktemp ${MC_TMPDIR:-/tmp}/mcview.$MAN.XXXXXX` || exit 1
         man -Pcat $MAN >$TMPFILE
         mcview $TMPFILE
         rm -f $TMPFILE

lib/mc.menu

@@ -14,9 +14,10 @@ shell_patterns=0
 	
 
 0       Edit a bug report and send it to root
-        ${EDITOR-vi} /tmp/mail.$$
-	test -r /tmp/mail.$$ && mail root < /tmp/mail.$$
-	rm -f /tmp/mail.$$
+	I=`mktemp ${MC_TMPDIR:-/tmp}/mail.XXXXXX` || exit 1
+	${EDITOR-vi} $I
+	test -r $I && mail root < $I
+	rm -f $I
 
 =+ f \.1$ | f \.3$ | f \.4$ | f \.5$ | f \.6$ | f \.7$ | f \.8$ | f \.man$ & t r
 1       Display the file with roff -man
@@ -116,8 +117,9 @@ h       Strip headers from current newsarticle
 	CHECK=`awk '{print $1 ; exit}' %f` 2>/dev/null
 	case $CHECK in
 	  Newsgroups:|Path:)
-	      cp %f /tmp/%f.$$ && sed '/^'"$CHECK"' /,/^$/d' /tmp/%f.$$ > %f
-              [ "$?" = "0" ] && rm /tmp/%f.$$
+	      I=`mktemp ${MC_TMPDIR:-/tmp}/news.XXXXXX` || exit 1
+	      cp %f $I && sed '/^'"$CHECK"' /,/^$/d' $I > %f
+              [ "$?" = "0" ] && rm $I
 	      echo %f: header removed
 		;;
 	  *)
@@ -130,7 +132,7 @@ H       Strip headers from the marked newsarticles
 	set %t
 	while [ -n "$1" ]; do
 	  CHECK=`awk '{print $1 ; exit}' $1` 2>/dev/null
-	  WFILE=/tmp/${1}.$$
+	  WFILE=`mktemp ${MC_TMPDIR:-/tmp}/news.XXXXXX` || exit 1
 	  case $CHECK in
 	    Newsgroups:|Path:)
 	      cp $1 $WFILE && sed '/^'"$CHECK"' /,/^$/d' $WFILE > $1