Date: Sat, 10 Mar 2001 22:53:46 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Dan Langille <dan@langille.org> Cc: Pete Fritchman <petef@databits.net>, security@freebsd.org Subject: Re: temp files for security/logcheck Message-ID: <20010310225345.A14180@mollari.cthul.hu> In-Reply-To: <200103110447.f2B4lww04741@ns1.unixathome.org>; from dan@langille.org on Sun, Mar 11, 2001 at 05:47:58PM %2B1300 References: <200103110435.f2B4ZHw04676@ns1.unixathome.org>; <20010310234519.A68252@databits.net> <200103110447.f2B4lww04741@ns1.unixathome.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 11, 2001 at 05:47:58PM +1300, Dan Langille wrote: > AFAIK, the files disappear each time the script is run: >=20 > umask 077 > rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$=20 [...] Blah, that's an insecure way to create files in $TMPDIR (which is usually /tmp). It needs to use mktemp(1). Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6qyD5Wry0BWjoQKURAgttAJ9+w1p/1Q4GroTPduDbUIailWwaRwCg/Aiu mSWpHt+hC0L43PQH/7n941Q= =B5IU -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010310225345.A14180>