[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] extensions on tmp filenames?

From: Oliver Kiddle
Subject: Re: [Nmh-workers] extensions on tmp filenames?
Date: Sun, 02 Feb 2014 01:33:31 +0100

David Levine wrote:
> While cleaning up the tmp files, I noticed a potential security
> issue.  mhshow, mhn, etc., used to create temporary files using
> mkstemp(3) and then rename(3) them in order to add a filename
> extension that reflects the content type.  E.g.,
> /tmp/mhshowXYZ123.html.  rename allows the new filename to refer
> to the old file, even if very briefly.  So I removed that
> rename.
> But it was there for a reason:  some external display programs
> rely on the filename extension.  Users can get around it with

You could use mkstemps to create the temporary file directly with a
suffix. The only problem is that it'd need a configure test for
mkstemps because at least Solaris 10 (but not 11) lacks it. Where
mkstemps is lacking, I'd just do the rename.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]