[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-enscript] enscript and temp file location
From: |
Shawn McMahon |
Subject: |
Re: [bug-enscript] enscript and temp file location |
Date: |
Fri, 25 Apr 2008 17:36:17 -0400 |
On Fri, 2008-04-25 at 11:50 +0300, Tapani Tarvainen wrote:
>
> My vote goes to using mkstemp() despite the extra code required,
> preferably using TMPDIR environment variable. See, e.g., the
> example function smart_create_tempfile at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html
Why wouldn't we just use the simpler example:
char *filename;
int fd;
do {
filename = tempnam (NULL, "foo");
fd = open (filename, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 0600);
free (filename);
} while (fd == -1);
I would think (naively, perhaps?) that would be plenty secure for what we're
doing here, and would honor TMPDIR.
Replacing "foo" with "enscript" of course.
signature.asc
Description: This is a digitally signed message part