[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: temp file creation bug in diffutils 2.7
|
From: |
Solar Designer |
|
Subject: |
Re: temp file creation bug in diffutils 2.7 |
|
Date: |
Wed, 3 Jan 2001 13:12:59 +0300 |
|
User-agent: |
Mutt/1.2.5i |
> > In the diffutils 2.7 package, the sdiff program creates temp files in an
> > insecure manner. Below is a small patch that seems to fix the problem.
> > This was found when building the latest version of Immunix Linux and we
> > would like to release an updated package soon.
>
> Bleah, that patch was pretty b0rken, my apologies to everyone involved.
> Many thanks to Solar Designer who pointed it out to me.
>
> Below should be a much better patch, that actually works :)
This new patch is almost correct, except that I believe the temporary
file wouldn't be unlinked (the global tmpname is never set).
I am attaching the patch (based on yours) that I've actually put in
Owl and done some testing watching strace output.
> + char tmpname[20];
This shadows the global tmpname variable.
--
/sd
diffutils-2.7-immunix-owl-tmp.diff
Description: Text document
- Re: temp file creation bug in diffutils 2.7, Greg KH, 2001/01/02
- Re: temp file creation bug in diffutils 2.7,
Solar Designer <=
- Re: temp file creation bug in diffutils 2.7, Eli Zaretskii, 2001/01/03
- Re: temp file creation bug in diffutils 2.7, Solar Designer, 2001/01/04
- Re: temp file creation bug in diffutils 2.7, Greg KH, 2001/01/04
- Re: temp file creation bug in diffutils 2.7, Eli Zaretskii, 2001/01/04
- Re: temp file creation bug in diffutils 2.7, Solar Designer, 2001/01/04
- Re: temp file creation bug in diffutils 2.7, Eli Zaretskii, 2001/01/04
- Re: temp file creation bug in diffutils 2.7, Paul Eggert, 2001/01/04