Subject: Re: your mail
To: Lucio de Re <lucio@proxima.alt.za>
From: David Brownlee <abs@anim.dreamworks.com>
List: tech-userlevel
Date: 05/12/1998 23:55:24
On Wed, 13 May 1998, Lucio de Re wrote:
> Secondly, there are instances where mktemp() is perfectly adequate to
> its task, as opening the actual file may not be immediately desired.
> Of three instances of mktemp() usage in the Samba suite, two seem to be
> of this nature - I am speaking under correction, I may have missed
> something.
>
If the file is in a directory to which other users have write
access then this use of mktemp is even worse than the 'call
mktemp, then immediately open file' as it increases the window
of attack (from the mktemp manpage):
BUGS
The use of mktemp() should generally be avoided, as a hostile process can
exploit a race condition in the time between the generation of a tempo-
rary filename by mktemp() and the invoker's use of the temporary name. A
link-time warning will be issued to advise the use of mkstemp() instead.
(Apologies if you are already familiar with this)
> Seems to me that raising the alarm is a very good idea, while at the
> same time it would be nice to suppress the alarm when it is deemed
> inappropriate. Is this at all possible?
>
Sounds reasonable to me :)
David/absolute
-=- "Just adding to the wrinkles on his deathly frown" -=-