updated ed patch explanation

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@2421 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689

chapter06/ed-inst.xml

@@ -8,13 +8,12 @@ because it can be used by the patch program if you encounter an ed-based patch
 file. This happens rarely because diff-based patches are preferred these
 days.</para></note>
 
-<para>This package requires its patch to be applied before you can
-install it. This patch fixes a symlink vulnerability in
-<userinput>ed</userinput>. The <userinput>ed</userinput> executable
-creates files in <filename class="directory">/tmp</filename> with
-predictable names. By using various symlink attacks, it is possible
-to have ed write to files it should not, change the permissions of
-files, etc.</para>
+<para>Ed uses mktemp to create temporary files in <filename
+class="directory">/tmp</filename>, but this function has a security
+vulnerability (see section on Temporary Files in
+<ulink url="http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html"/>).
+This patch makes Ed use mkstemp instead, which is the recommended way to
+create temporary files.</para>
 
 <para>Apply the patch:</para>