Date: Fri, 21 Jan 2000 22:43:21 +1300
From: "Dan Langille" <dan@freebsddiary.org>
To: James Bailie <jazzturk@home.com>
Cc: questions@FreeBSD.ORG
Subject: Re: mktemp() possibly used unsafely; consider using mkstemp()
Message-ID: <200001210943.WAA74099@ducky.nz.freebsd.org>
In-Reply-To: <20000121044653.B1568@cr31617-a.lndn1.on.wave.home.co>
References: <200001210902.WAA73869@ducky.nz.freebsd.org>; from dan@freebsddiary.org on Fri, Jan 21, 2000 at 10:02:11PM +1300

On 21 Jan 00, at 4:46, James Bailie wrote:

> On Fri, Jan 21, 2000 at 10:02:11PM +1300, Dan Langille wrote:
>
> > Clues please.
>
> The man page is a good place to start. mkstemp() creates a temporary
> filename and opens it in one go, to avoid the race condition between
> testing for the file's existence and opening it. Since the filenames
> generated by mkstemp() et al are guessable and repeat, a malefactor could
> cause files to be overwritten elsewhere via symbolic link chicanery.

Thanks. But the clues I want are those which enable this port to build.
And more specifically, why does it build on one box and not the other.
Same tarballs, etc.

Or more interestingly, if mktemp() is such a problem, why does one box
allow it?

--
Dan Langille - DVL Software Limited [I'm looking for more work]
The FreeBSD Diary - http://www.freebsddiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System - http://www.racingsystem.com/racingsystem.htm
unix @ home - http://www.unixathome.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
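
The race between testing for a file's existence and opening it, described in the quoted reply above, shown as an added example that is not part of the original thread. It does not call mktemp(): a fixed guessable name (`tmp.00001`, constructed) stands in for a generated one, the same process creates the symlink to stand in for the window between test and open, and the function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Second half of the test-then-open pattern: without O_EXCL, open()
 * follows a symlink that appeared after the existence test. */
int open_unsafe(const char *p) { return open(p, O_WRONLY | O_CREAT, 0600); }

/* With O_EXCL the call fails (EEXIST) if the name exists, symlink or not. */
int open_excl(const char *p) { return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600); }

/* Runs the scenario in a private scratch directory (all names constructed).
 * Bit 0: unsafe open wrote into the link target. Bit 1: O_EXCL refused.
 * Bit 2: mkstemp() returned a fresh regular file. -1: setup failed. */
int run_demo(void)
{
    char dir[] = "/tmp/tmprace.XXXXXX", target[64], name[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);   /* file to protect */
    snprintf(name, sizeof name, "%s/tmp.00001", dir);     /* guessable name */
    snprintf(tmpl, sizeof tmpl, "%s/tmp.XXXXXX", dir);
    if ((fd = open_excl(target)) < 0) return -1;
    close(fd);
    /* Existence test passes: the name is free at this instant. */
    if (lstat(name, &st) == 0) return -1;
    /* Stand-in for the race window: the name now appears as a symlink. */
    if (symlink(target, name) != 0) return -1;
    if ((fd = open_unsafe(name)) >= 0) {
        if (write(fd, "x", 1) == 1 && stat(target, &st) == 0 && st.st_size == 1)
            result |= 1;
        close(fd);
    }
    if (open_excl(name) < 0 && errno == EEXIST) result |= 2;
    if ((fd = mkstemp(tmpl)) >= 0) {      /* name chosen and created atomically */
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
        close(fd);
        unlink(tmpl);
    }
    unlink(name); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("result=%d (expect 7)\n", run_demo()); return 0; }
```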