[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#278283: insecure temporary file usage in gettextize and autopoin
From: |
Thomas Dickey |
Subject: |
Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd) |
Date: |
Tue, 26 Oct 2004 10:10:23 -0400 (EDT) |
On Tue, 26 Oct 2004, Bruno Haible wrote:
> is to make filename sit in a temporary directory under /tmp, not directly
> in /tmp ?
For the truly paranoid, even that is not sufficient.
>
> Not bad, but still not perfect: mktemp is not a POSIX standardized
> utility, and $RANDOM is bash specific. So what do you propose on POSIX
> systems without mktemp and bash? Just fall back on the unsecure foo$$
> pattern? Or ship an mktemp.c with the package, to be compiled by
> 'configure' very early?
>
> It would be nice if we could write up the result of this discussion, when
> finished, in the autoconf manual.
> http://www.gnu.org/software/autoconf/manual/autoconf-2.57/html_chapter/autoconf_10.html
>
> Bruno
>
>
>
> _______________________________________________
> Autoconf mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/autoconf
>
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
- Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Santiago Vila, 2004/10/25
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Jarc, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Eggert, 2004/10/26