Better way to install databases atomically, using rsync (no symlink attack)
1 files changed, 1 insertions(+), 2 deletions(-) M fetch-sanesecurity-sigs
M fetch-sanesecurity-sigs +1 -2
@@ 218,8 218,7 @@ do # Now we can actually install this database echo "Installing $db_name into $clamd_dbdir/sanesecurity-$db_name" - if cp -p "$db" "$clamd_dbdir/sanesecurity-$db_name.tmp" && \ - mv -f "$clamd_dbdir/sanesecurity-$db_name.tmp" "$clamd_dbdir/sanesecurity-$db_name" + if rsync -p "$db" "$clamd_dbdir/sanesecurity-$db_name" then installed=$((installed+1))