[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] tempfile creation

From: Valdis . Kletnieks
Subject: Re: [Nmh-workers] tempfile creation
Date: Wed, 27 Apr 2005 12:18:09 -0400

On Wed, 27 Apr 2005 11:01:45 EDT, "Mike O'Dell" said:
> if i were to hazzard a guess, the reason the code doesn't use
> mkstemp() is that [1] the code cited is likely well more than
> twice age of mkstemp() [2]and nobody has gone looking for
> things to fix that were still (apparently) working. (big grin)

For bonus points, note that even changing it to mkstemp() won't fix
all the issues, because what the code currently does is to generate
a filename, open it, then leak the file descriptor and pass the
filename back for re-opening...

So even mkstemp()'s efforts to prevent hijacking fail, because there's
still a window between when mkstemp creates the file and when the code
re-opens the file instead of using the file descriptor that mk*tmp returned...

Attachment: pgp3ia_ZcdzEr.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]