Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Oct 1998 15:34:00 -0600
From:      Warner Losh <imp@village.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Bruce Evans <bde@zeta.org.au>, peter@netplex.com.au, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject:   Re: cvs commit: src/lib/libc/stdio mktemp.c 
Message-ID:  <199810202134.PAA28899@harmony.village.org>
In-Reply-To: Your message of "Tue, 20 Oct 1998 12:12:06 PDT." <199810201912.MAA28626@apollo.backplane.com> 
References:  <199810201912.MAA28626@apollo.backplane.com>  <199810201628.CAA15294@godzilla.zeta.org.au> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <199810201912.MAA28626@apollo.backplane.com> Matthew Dillon writes:
:     We have enough problems with security, we don't need to add mkstemp()
:     to the fray after the time had been spent to make it secure.  I don't
:     give a fart what the 'standards' say... creating files in /tmp is
:     already an extremely dangerous proposition.  Don't screw it up even more
:     by de-securing the function call!

Any commits tha mkstemp not create the file 600 will be backed out by
me with extreme prejustice.  Period.  I don't give two rats asses
about standards, tradition or anything else.  If an application wants
to share a /tmp file with someone else, fchmod(2) exists for those
people.

Sorry to be so harsh, but I agree 100% with Matt here.  We have enough
problems with people not using mkstemp in the tree now that I don't
want to *ANYTHING* to make mkstemp any less secure.  I'll have to take
a good hard look at Peter's commit to see what he's trying to fix.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810202134.PAA28899>