From owner-freebsd-questions Fri Jan 21 1:36:53 2000 Delivered-To: freebsd-questions@freebsd.org Received: from cr31617-a.lndn1.on.wave.home.com (cr31617-a.lndn1.on.wave.home.com [24.112.227.163]) by hub.freebsd.org (Postfix) with ESMTP id D690E15456 for ; Fri, 21 Jan 2000 01:35:33 -0800 (PST) (envelope-from jbailie@cr31617-a.lndn1.on.wave.home.com) Received: (from jbailie@localhost) by cr31617-a.lndn1.on.wave.home.com (8.9.3/8.9.3) id EAA01688; Fri, 21 Jan 2000 04:46:54 -0500 (EST) (envelope-from jbailie) Date: Fri, 21 Jan 2000 04:46:53 -0500 From: James Bailie To: questions@freeBSD.org Cc: Dan Langille Subject: Re: mktemp() possibly used unsafely; consider using mkstemp() Message-ID: <20000121044653.B1568@cr31617-a.lndn1.on.wave.home.co> References: <200001210902.WAA73869@ducky.nz.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200001210902.WAA73869@ducky.nz.freebsd.org>; from dan@freebsddiary.org on Fri, Jan 21, 2000 at 10:02:11PM +1300 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Jan 21, 2000 at 10:02:11PM +1300, Dan Langille wrote: > Clues please. The man page is a good place to start. mkstemp() creates a temporary filename and opens it in one go, to avoid the race condition between testing for the file's existence and opening it. since the filenames generated by mkstemp() et al are guessable and repeat, a malefactor could cause files to be overwritten elsewhere via symbolic link chicanery. -- James Bailie http://members.home.net/jazzturk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message