Amad3us Anonymous (if that is his/her *real* name wrote:
Antonomasia says:
Real paranoiacs don't put temporary files in world-writeable directories.
If a hostile user symlinks your majordomo binary (or something) to /tmp/.sig999 you're going to overwrite it with garbage.
Sure. But have you looked at pgp2 source code? (smirks).
(Hint, temporary files all over the place.)
For you old farts who have not been out in the real world for a while, you should make note of the fact that the price of memory has dropped, and it is now feasible to implement RAM disks to store temporary files. You can also direct a program to use a RAM trash-disk for its temporary files, wiping it immediately after use without having to worry about fucking up your other temporary files.