Re: CVS commit: pkgsrc/sysutils/gentoo

To: OBATA Akio <obache%netbsd.org@localhost>
Subject: Re: CVS commit: pkgsrc/sysutils/gentoo
From: David Holland <dholland-pkgchanges%netbsd.org@localhost>
Date: Mon, 26 Jan 2009 04:44:56 +0000

On Mon, Jan 26, 2009 at 10:12:43AM +0900, OBATA Akio wrote:
 > > This is incorrect - you've introduced insecure-temporary-files.
 > >
 > > Please put patch-ae back, and revise it to use mkstemp() instead of
 > > mkdtemp(). Perhaps something like this (untested):
 > 
 > patch-ae was broken, and I don't think it is so insecure
 > (maybe, should pass O_EXCL to open though).

Not just maybe. It's fully insecure this way.

 > If you think this issue should be fixed, please.

I don't have time to do it right, but I'll commit what I've got. If it
turns out not to work, we're no worse off than with the mkdtemp().

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: CVS commit: pkgsrc/sysutils/gentoo
  - From: OBATA Akio

References:
- CVS commit: pkgsrc/sysutils/gentoo
  - From: OBATA Akio
- Re: CVS commit: pkgsrc/sysutils/gentoo
  - From: David Holland
- Re: CVS commit: pkgsrc/sysutils/gentoo
  - From: OBATA Akio

Prev by Date: CVS commit: pkgsrc
Next by Date: CVS commit: pkgsrc/sysutils/gentoo
Previous by Thread: Re: CVS commit: pkgsrc/sysutils/gentoo
Next by Thread: Re: CVS commit: pkgsrc/sysutils/gentoo
Indexes:

Home | Main Index | Thread Index | Old Index