[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: temp file creation bug in diffutils 2.7
|
From: |
Solar Designer |
|
Subject: |
Re: temp file creation bug in diffutils 2.7 |
|
Date: |
Thu, 28 Dec 2000 05:21:55 +0300 |
|
User-agent: |
Mutt/1.2.5i |
On Wed, Dec 27, 2000 at 04:00:39PM -0800, Paul Eggert wrote:
> Thanks for your bug report. Your patch isn't portable, since not
> every system has mkstemp. We'll use something like the following
> patch instead.
>
> @@ -1012,5 +955,16 @@ edit (left, lname, lline, llen, right, r
>
> {
> - FILE *tmp = ck_fopen (tmpname, "w+");
> + int fd;
> + FILE *tmp;
> +
> +#if defined O_CREAT && defined O_TRUNC && defined O_EXCL
> + /* Use O_EXCL to avoid race condition. */
> + fd = open (tmpname, O_RDWR | O_CREAT | O_TRUNC | O_EXCL,
> + S_IRUSR | S_IWUSR);
This is DoS'able, -- there should be a loop here (private_tempnam(),
open(..., O_EXCL) while EEXIST). It may be both easier and better to
detect mkstemp in the configure script (and provide --with-mkstemp
for those of us who don't like fail-open builds). If a system
doesn't offer mkstemp, it very likely has lots of other /tmp races.
--
/sd