Re: Insecure use of file in /tmp by trn

From: Rogier Wolff (R.E.Wolffat_private)
Date: Sat Aug 28 1999 - 00:59:42 PDT

Next message: Peter W: "Re: IE and cached passwords"

Previous message: Theo de Raadt: "Re: Insecure use of file in /tmp by trn"
Maybe in reply to: Martin Schulze: "Insecure use of file in /tmp by trn"
Next in thread: Shuman: "Re: Insecure use of file in /tmp by trn"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ben Pfaff wrote:
> Rogier Wolff <R.E.Wolffat_private> writes:
> > Creating a tempfile from a C program is possible since we have a
[...]
> SYNOPSIS
>      mktemp [-q] [-u] template
>
> DESCRIPTION
[...]
>      If mktemp can successfully generate a unique file name, the file is cre-
>      ated with mode 0600 (unless the -u flag is given) and the filename is
>      printed to standard output.

Last I looked at the "mktemp" manpage it didn't create the file, and
was thus vulnerable to races. This is an incompatible change that
others didn't dare make.

The world is becoming a better place ;-)

		Roger.

--
** R.E.Wolffat_private ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------

Next message: Peter W: "Re: IE and cached passwords"
Previous message: Theo de Raadt: "Re: Insecure use of file in /tmp by trn"
Maybe in reply to: Martin Schulze: "Insecure use of file in /tmp by trn"
Next in thread: Shuman: "Re: Insecure use of file in /tmp by trn"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:32 PDT