bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] mkstemp


From: Paul Eggert
Subject: Re: [Bug-gnulib] mkstemp
Date: 06 Sep 2003 14:44:39 -0700
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

Derek Robert Price <address@hidden> writes:

> Anyhow, is ftruncate, or anything at all, really sufficient to avoid a
> race exploit?

Not that I can see.

> Perhaps it is silly to be working around bugs in glibc this old?  It was
> fixed January 11, 1999.  One could hope that the sysadmin in charge of
> the system on which CVS is being compiled has read the appropriate
> security notices and updated to a more recent version of glibc.

That's what I'd say, too.  The problem affects all sorts of programs,
not just CVS.

> Then again an extra chmod is pretty cheap.

I suspect that the chmod doesn't really fix the race condition.
Setting the umask before, and restoring it after, would probably be a
better fix; but I wouldn't bother.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]