[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] tempfile creation
From: |
Valdis . Kletnieks |
Subject: |
Re: [Nmh-workers] tempfile creation |
Date: |
Wed, 27 Apr 2005 12:18:09 -0400 |
On Wed, 27 Apr 2005 11:01:45 EDT, "Mike O'Dell" said:
>
> if i were to hazzard a guess, the reason the code doesn't use
> mkstemp() is that [1] the code cited is likely well more than
> twice age of mkstemp() [2]and nobody has gone looking for
> things to fix that were still (apparently) working. (big grin)
For bonus points, note that even changing it to mkstemp() won't fix
all the issues, because what the code currently does is to generate
a filename, open it, then leak the file descriptor and pass the
filename back for re-opening...
So even mkstemp()'s efforts to prevent hijacking fail, because there's
still a window between when mkstemp creates the file and when the code
re-opens the file instead of using the file descriptor that mk*tmp returned...
pgp3ia_ZcdzEr.pgp
Description: PGP signature
- [Nmh-workers] tempfile creation, Paul Fox, 2005/04/27
- Re: [Nmh-workers] tempfile creation, Mike O'Dell, 2005/04/27
- Re: [Nmh-workers] tempfile creation, Mike O'Dell, 2005/04/27
- Re: [Nmh-workers] tempfile creation, Neil W Rickert, 2005/04/27
- Modernizing core code (was Re: [Nmh-workers] tempfile creation, heymanj, 2005/04/27
- Re: Modernizing core code (was Re: [Nmh-workers] tempfile creation, Ralph Corderoy, 2005/04/28
Re: [Nmh-workers] tempfile creation, Chad Walstrom, 2005/04/27