Re: [Bug-gnulib] mkstemp

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnulib] mkstemp

From:	Paul Eggert
Subject:	Re: [Bug-gnulib] mkstemp
Date:	06 Sep 2003 14:44:39 -0700
User-agent:	Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

Derek Robert Price <derek@ximbiot.com> writes:

> Anyhow, is ftruncate, or anything at all, really sufficient to avoid a
> race exploit?

Not that I can see.

> Perhaps it is silly to be working around bugs in glibc this old?  It was
> fixed January 11, 1999.  One could hope that the sysadmin in charge of
> the system on which CVS is being compiled has read the appropriate
> security notices and updated to a more recent version of glibc.

That's what I'd say, too.  The problem affects all sorts of programs,
not just CVS.

> Then again an extra chmod is pretty cheap.

I suspect that the chmod doesn't really fix the race condition.
Setting the umask before, and restoring it after, would probably be a
better fix; but I wouldn't bother.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Bug-gnulib] mkstemp, Paul Eggert <=
- Re: [Bug-gnulib] mkstemp, Derek Robert Price, 2003/09/08

Prev by Date: Email Quarantined Due to Virus
Next by Date: Change of Address Notification
Previous by thread: Email Quarantined Due to Virus
Next by thread: Re: [Bug-gnulib] mkstemp
Index(es):
- Date
- Thread