That fix is not correct. You're just hoping that if you can make a filename that noone can guess, that you'll be the first person to open it? I suggest you read the OpenBSD mkstemp(3) man page, and apply what you learn there to perl code. The only way to handle this correctly is to use the O_CREAT|O_EXL flag on the final open system call. Go back and read the stuff I've posted to bugtraq over the last three years about /tmp races. Everyone's just repeating the same mistakes. > >>>>> foo <fooat_private> writes: > > > In Autobuse's main perl script, line 96: > > > > if(!$test_run) { > > open OUT, ">/tmp/autobuse_report.$$" > > or die "can't open /tmp/autobuse_report.$$"; > > select OUT; > > } > > This is fixed, partly, in autobuse version snap949125599, and more so > in today's snap949380617, which uses this mktemp function: > > sub get_tmpfile { > my $file; > do { > open RAN, "/dev/random" || die; > read(RAN,$foo,16); > close RAN; > $file = '/tmp/autobuse' . unpack('H16',$foo); > } while (-e $file || -l $file); > > return $file; > } > > This method is Linux-specific, but that's all I need. The fixed > autobuse is available at http://www.picante.com/~gtaylor/autobuse/ > > Note that Autobuse has, as far as I know, zero users (including me). > If I am wrong about this, please let me know! > > -- > Grant Taylor - gtaylor at picante.com - http://www.picante.com/~gtaylor/ > Linux Printing HOWTO: http://www.picante.com/~gtaylor/pht/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:53 PDT