author Gerard Beekmans <gerard@linuxfromscratch.org> 2003-02-04 02:56:15 +0000
committer Gerard Beekmans <gerard@linuxfromscratch.org> 2003-02-04 02:56:15 +0000
commit e5c5f0191d29e4867be7a29b5ebfe8f91863a7e2 (patch)
tree 396b550acb7cf11c3fb16b76e302811c590d9319
parent f0fbc9826a892c59594f09f964a685ab86278267 (diff)
updated ed patch explanation
git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2421 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
-rw-r--r-- chapter06/ed-inst.xml 13
1 files changed, 6 insertions, 7 deletions
diff --git a/chapter06/ed-inst.xml b/chapter06/ed-inst.xml
index 093273360..fa2e62e03 100644
--- a/chapter06/ed-inst.xml
+++ b/chapter06/ed-inst.xml
@@ -8,13 +8,12 @@ because it can be used by the patch program if you encounter an ed-based patch
file. This happens rarely because diff-based patches are preferred these
days.</para></note>
-<para>This package requires its patch to be applied before you can
-install it. This patch fixes a symlink vulnerability in
-<userinput>ed</userinput>. The <userinput>ed</userinput> executable
-creates files in <filename class="directory">/tmp</filename> with
-predictable names. By using various symlink attacks, it is possible
-to have ed write to files it should not, change the permissions of
-files, etc.</para>
+<para>Ed uses mktemp to create temporary files in <filename
+class="directory">/tmp</filename>, but this function has a security
+vulnerability (see section on Temporary Files in
+<ulink url="http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html"/>).
+This patch makes Ed use mkstemp instead, which is the recommended way to
+create temporary files.</para>
<para>Apply the patch:</para>
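Review bot: The replacement paragraph in chapter06/ed-inst.xml no longer states the impact of the flaw. The removed lines said that the files in /tmp get "predictable names" and that symlink attacks can make ed "write to files it should not, change the permissions of files", while the new text only says mktemp "has a security vulnerability" and defers everything else to the external ulink. Suggest keeping one sentence on the predictable-name and symlink consequence next to the link, so the reason for the patch survives if the URL goes away. The new lines also write "Ed", mktemp and mkstemp as bare text where the removed lines used <userinput>ed</userinput>; marking up the program and function names consistently would match the rest of the file. Finally, the sentence saying the patch must be applied before installing is dropped. If that ordering still matters, it is worth restating ahead of "Apply the patch:".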