[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: temp file creation bug in diffutils 2.7
From: |
Paul Eggert |
Subject: |
Re: temp file creation bug in diffutils 2.7 |
Date: |
Thu, 28 Dec 2000 12:36:02 -0800 (PST) |
> Date: Thu, 28 Dec 2000 05:21:55 +0300
> From: Solar Designer <address@hidden>
>
> This is DoS'able
I suppose you're right.
I'll rewrite it to use mkstemp, and write a substitute mkstemp for
hosts that don't have it. What a pain. (And for code that is never
used -- it's only there to keep POSIX happy. Sigh.) Too bad the
glibc mkstemp isn't portable.
> Date: Thu, 28 Dec 2000 02:34:49 +0000 (GMT)
> From: Alan Cox <address@hidden>
>
> > Ancient hosts without proper O_EXCL support can be used safely if all
> > users trust each other. I don't see the point of refusing to support
> > such environments. The patch is safe on all modern hosts.
>
> The reason to at least warn people is that the operators of such an
> environment are not likely to be aware that the FSF is shipping
> dangerous insecure code unless it errors.
I doubt whether any of those ancient hosts are GNU porting targets any
more. But rather than continue to worry about this issue, I'll have
my substitute mkstemp use O_EXCL instead of creat. This is safe. It
won't be portable to ancient hosts, but it will be portable to older
hosts that have O_EXCL but not mkstemp, and some of those hosts may
still be porting targets.