[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] Diffs for replacing mktemp() usage
From: |
Paul Fox |
Subject: |
Re: [Nmh-workers] Diffs for replacing mktemp() usage |
Date: |
Tue, 02 Feb 2010 17:35:36 -0500 |
peter wrote:
> use mkstemp() but still allow the rest of the code to reopen
> the temporary file by name, you've shut the linker up but
> not completely closed the security hole. See
> http://www.mail-archive.com/address@hidden/msg01380.html
huh. i was just about to suggest that. replacing mktemp with a
version that uses a user-only directory (and the routine could
check the permissions) seems like the best solution. or, such a
directory could be created in /tmp when the command starts -- but
cleanup might be more of an issue in that case.
paul
=---------------------
paul fox, address@hidden (arlington, ma, where it's 30.6 degrees)
[Nmh-workers] Re: Diffs for replacing mktemp() usage, Earl Hood, 2010/02/03