Date:         Wed, 10 May 2000 16:31:16 -0400
From: foo <foo@BLACKLISTED.INTRANOVA.NET>
Subject:      Possible symlink problems with Netscape 4.73
To: BUGTRAQ@SECURITYFOCUS.COM

It appears that Netscape 4.73 (and earlier versions) incorrectly creates
a temporary file in '/tmp' when importing certificates:

...
open("/tmp/tmp3919AA5000A07DC", O_WRONLY|O_CREAT|O_TRUNC, 0666) =
25
fchmod(25, 0600)                        = 0
fstat(25, {st_mode=0,st_size=0, ...})   = 0
...


Netscape doesn't try to stat()/lstat() the file beforehand, although it
wouldn't help much since open() uses O_TRUNC without O_EXCL(which is the
problem in itself).

I sent a small note about this to Netscape a number of months ago and have
not received a reply. (am I possibly missing something here?, *shrug*)
Not a big bug, but a bug nonetheless =)