[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Diffs for replacing mktemp() usage

From: Paul Fox
Subject: Re: [Nmh-workers] Diffs for replacing mktemp() usage
Date: Tue, 02 Feb 2010 17:35:36 -0500

peter wrote:
 > use mkstemp() but still allow the rest of the code to reopen
 > the temporary file by name, you've shut the linker up but
 > not completely closed the security hole. See
 > http://www.mail-archive.com/address@hidden/msg01380.html

huh.  i was just about to suggest that.  replacing mktemp with a
version that uses a user-only directory (and the routine could
check the permissions) seems like the best solution.  or, such a
directory could be created in /tmp when the command starts -- but
cleanup might be more of an issue in that case.

 paul fox, address@hidden (arlington, ma, where it's 30.6 degrees)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]