[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: CVE-2008-5378: possible symlink attacks
From: Andreas Tille <tillea () rki ! de>
Date: 2008-12-30 8:44:35
Message-ID: alpine.DEB.2.00.0812300942090.5318 () wr-linux02
[Download RAW message or body]
On Mon, 29 Dec 2008, Russ Allbery wrote:
> Right, mkstemp gives you a file name that you can then safely open. In
> code where I didn't want to break the existing flow, I've used the
> following pattern many times:
>
> fd = mkstemp(filename);
> if (fd < 0) {
> perror("mkstemp");
> return NULL;
> }
> close(fd);
> /* Go on to use filename as the name of the temporary file... */
>
> It's an extra few system calls, but usually it doesn't matter.
Thanks for this additional hint. Actually I've thought about
this option and it is a good hint that it is not unusual. But
as I said in my previous mail, at this place I need to open an
existing file and we do not need a random filename here.
Kind regards
Andreas.
--
http://fam-tille.de
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic