[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Diffs for replacing mktemp() usage

From: Lyndon Nerenberg (VE6BBM/VE7TFX)
Subject: Re: [Nmh-workers] Diffs for replacing mktemp() usage
Date: Tue, 2 Feb 2010 15:45:38 -0700

> Yes, this is why it's difficult to fix :-). Unfortunately, if you
> use mkstemp() but still allow the rest of the code to reopen
> the temporary file by name, you've shut the linker up but
> not completely closed the security hole. See
> http://www.mail-archive.com/address@hidden/msg01380.html
> So I would vote against (the tempfile related parts of) this patch.

Having an MH-private namespace for scratch files is certainly the way
to go here.  These aren't 'temp files' in the traditional sense, and
none of the usual APIs suit the task at hand.

There are license-compatible mkstemp() implementations out there that
can serve as a base for a code import, upon which a suitable
replacement can be built.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]