Date: Fri, 21 Jan 2000 04:46:53 -0500 From: James Bailie <jazzturk@home.com> To: questions@freeBSD.org Cc: Dan Langille <dan@freebsddiary.org> Subject: Re: mktemp() possibly used unsafely; consider using mkstemp() Message-ID: <20000121044653.B1568@cr31617-a.lndn1.on.wave.home.co> In-Reply-To: <200001210902.WAA73869@ducky.nz.freebsd.org>; from dan@freebsddiary.org on Fri, Jan 21, 2000 at 10:02:11PM %2B1300 References: <200001210902.WAA73869@ducky.nz.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 21, 2000 at 10:02:11PM +1300, Dan Langille wrote: > Clues please. The man page is a good place to start. mkstemp() creates a temporary filename and opens it in one go, to avoid the race condition between testing for the file's existence and opening it. since the filenames generated by mkstemp() et al are guessable and repeat, a malefactor could cause files to be overwritten elsewhere via symbolic link chicanery. -- James Bailie http://members.home.net/jazzturk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000121044653.B1568>