Subject: Re: Per-user temp storage
To: Perry E. Metzger <perry@piermont.com>
From: David Brownlee <david@mono.org>
List: tech-security
Date: 02/24/1997 20:25:09
On Mon, 24 Feb 1997, Perry E. Metzger wrote:

> > 	It would help if at least source in the tree used mkstemp() rather
> > 	than mktemp(), tmpnam(), tempnam(). 
> > 
> > 	Maybe add a warning for the above functions in a similar fashion
> > 	to 'gets()' - I believe OpenBSD did something like that a while
> > 	back.
> 
> This is certainly useful, but it doesn't solve the "play with symlinks
> and deep directories during nightly find" problem.
> 
	Very much agreed - it's a solution to some of the problems, and
	it encourages good practice. Code should not be using mktemp() &
	friends because even if NetBSD does 'weird' things with /tmp, if
	someone compiles up that code on another system they're wide open.

	The earlier suggested changes to /tmp semantics also provide no
	protection against the symlink attack on a nightly find, but
	presumably that could be countered by changing find to maintain
	a 'stack' of the inode numbers of each directory it chdir()s
	into & stat()ing on the way back down, plus the usual combination
	of lstat() & fstat() on the way up. There is a performance
	penalty, but to paraphrase an old saying
		"fast, secure, cheap - choose two"

		David/abs	david@{mono.org,southern.com,mhm-internet.com}

     Microsoft: Asks you where you want to go. NetBSD gets you there.
System Manager: Southern Studios Ltd, PO Box 59, London N22 1AR.
  System Admin: MHM Internet, 14 Barley Mow Passage, Chiswick, London W4 4PH.
         SysOP: Monochrome, Largest UK Internet BBS - 'telnet mono.org'.
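
Added example, not part of the original message and not code from NetBSD's find: a C sketch of the traversal check described above, keeping a stack of each parent directory's device and inode, comparing lstat() against fstat() before entering, and re-checking the parent after chdir(".."). The names checked_enter, checked_leave, make_fixture and MAX_DEPTH are hypothetical.

```c
/* Added example (constructed): a sketch, not code from NetBSD find(1). */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_DEPTH 256
static struct { dev_t dev; ino_t ino; } seen[MAX_DEPTH]; /* parent inode stack */
static int depth;

/* Descend into name. Returns 0 on success, -1 if the entry is refused. */
int checked_enter(const char *name)
{
    struct stat ls, fs, cur;
    int fd, ok;
    if (depth >= MAX_DEPTH || stat(".", &cur) == -1)
        return -1;
    if (lstat(name, &ls) == -1 || !S_ISDIR(ls.st_mode))
        return -1;               /* symlink or non-directory: never follow */
    if ((fd = open(name, O_RDONLY | O_NONBLOCK)) == -1)
        return -1;
    /* What we opened must be what lstat() saw, else name was swapped. */
    ok = fstat(fd, &fs) == 0 && fs.st_dev == ls.st_dev &&
         fs.st_ino == ls.st_ino && fchdir(fd) == 0;
    close(fd);
    if (!ok)
        return -1;
    seen[depth].dev = cur.st_dev;    /* remember the directory we left */
    seen[depth].ino = cur.st_ino;
    depth++;
    return 0;
}

/* Go back up. Returns -1 if ".." is no longer the directory we came from. */
int checked_leave(void)
{
    struct stat up;
    if (depth == 0 || chdir("..") == -1 || stat(".", &up) == -1)
        return -1;
    depth--;
    return (up.st_dev == seen[depth].dev && up.st_ino == seen[depth].ino) ? 0 : -1;
}

/* Constructed fixture: scratch dir with "real" and a symlink "link" -> "real". */
int make_fixture(void)
{
    char tmpl[] = "/tmp/inochk.XXXXXX";
    return (mkdtemp(tmpl) && !chdir(tmpl) && !mkdir("real", 0700) &&
            !symlink("real", "link")) ? 0 : -1;
}
```

A -1 from checked_leave() means the current directory can no longer be trusted, so a traversal should stop there rather than continue.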