From owner-freebsd-questions  Fri Jan 21  1:43:39 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from ducky.nz.freebsd.org (chilled.unixathome.org [203.79.82.27])
	by hub.freebsd.org (Postfix) with ESMTP id F0866154EB
	for <questions@FreeBSD.ORG>; Fri, 21 Jan 2000 01:43:31 -0800 (PST)
	(envelope-from dan@freebsddiary.org)
Received: from wocker (wocker.int.nz.freebsd.org [192.168.0.99])
	by ducky.nz.freebsd.org (8.9.3/8.9.3) with ESMTP id WAA74099;
	Fri, 21 Jan 2000 22:43:24 +1300 (NZDT)
Message-Id: <200001210943.WAA74099@ducky.nz.freebsd.org>
From: "Dan Langille" <dan@freebsddiary.org>
Organization: The FreeBSD Diary
To: James Bailie <jazzturk@home.com>
Date: Fri, 21 Jan 2000 22:43:21 +1300
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: mktemp() possibly used unsafely; consider using mkstemp()
Reply-To: dan@freebsddiary.org
Cc: questions@FreeBSD.ORG
In-reply-to: <20000121044653.B1568@cr31617-a.lndn1.on.wave.home.co>
References: <200001210902.WAA73869@ducky.nz.freebsd.org>; from dan@freebsddiary.org on Fri, Jan 21, 2000 at 10:02:11PM +1300
X-mailer: Pegasus Mail for Win32 (v3.12b)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 21 Jan 00, at 4:46, James Bailie wrote:

> On Fri, Jan 21, 2000 at 10:02:11PM +1300, Dan Langille wrote:
> 
> > Clues please.
> 
> The man page is a good place to start. mkstemp() creates a temporary
> filename and opens it in one go, to avoid the race condition between
> testing for the file's existence and opening it. since the filenames
> generated by mkstemp() et al are guessable and repeat, a malefactor could
> cause files to be overwritten elsewhere via symbolic link chicanery.

Thanks.  But the clues I want are those which enable this port to build.  
And more specifically, why does it build on one box and not the other.  
Same tarballs, etc.

Or more interestingly, if mktemp() is such a problem, why does one box 
allow it?


--
Dan Langille - DVL Software Limited [I'm looking for more work]
The FreeBSD Diary     - http://www.freebsddiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System     - http://www.racingsystem.com/racingsystem.htm
unix @ home           - http://www.unixathome.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message