List:       debian-devel
Subject:    Re: CVE-2008-5378: possible symlink attacks
From:       Andreas Tille <tillea () rki ! de>
Date:       2008-12-30 8:44:35
Message-ID: alpine.DEB.2.00.0812300942090.5318 () wr-linux02

On Mon, 29 Dec 2008, Russ Allbery wrote:

> Right, mkstemp gives you a file name that you can then safely open.  In
> code where I didn't want to break the existing flow, I've used the
> following pattern many times:
>
>    fd = mkstemp(filename);
>    if (fd < 0) {
>        perror("mkstemp");
>        return NULL;
>    }
>    close(fd);
>    /* Go on to use filename as the name of the temporary file... */
>
> It's an extra few system calls, but usually it doesn't matter.

Thanks for this additional hint.  Actually I've thought about
this option and it is a good hint that it is not unusual. But
as I said in my previous mail, at this place I need to open an
existing file and we do not need a random filename here.

Kind regards

         Andreas.

-- 
http://fam-tille.de
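
Added example, not part of the original message and not code from either poster: the quoted mkstemp()+close() pattern carried through to the later open by name, which uses O_NOFOLLOW and an fstat() identity check so that a symlink or a different file found at that name is refused. The names reserve_temp, reopen_reserved and demo and the /tmp path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The quoted pattern: mkstemp() creates the file with O_CREAT|O_EXCL, then
 * we close it. Here we also record which file (device, inode) was created. */
static int reserve_temp(char *tmpl, struct stat *created) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int rc = fstat(fd, created);
    close(fd);
    return rc;
}

/* Later open by name: O_NOFOLLOW refuses a symlink as the last path
 * component, and the fstat() comparison rejects any other file at that name. */
static int reopen_reserved(const char *name, const struct stat *created) {
    struct stat now;
    int fd = open(name, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &now) != 0 || !S_ISREG(now.st_mode) ||
        now.st_dev != created->st_dev || now.st_ino != created->st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: the reserved file reopens; a symlink put at the
 * same name (pointing at /dev/null) is refused. Returns 1 on success. */
static int demo(void) {
    char name[] = "/tmp/reserve-demo-XXXXXX";
    struct stat created;
    if (reserve_temp(name, &created) != 0) return 0;
    int good = reopen_reserved(name, &created);
    if (good >= 0) close(good);
    unlink(name);
    if (symlink("/dev/null", name) != 0) return 0;
    int bad = reopen_reserved(name, &created);
    if (bad >= 0) close(bad);
    unlink(name);
    return good >= 0 && bad < 0;
}

int main(void) {
    printf("reopen check %s\n", demo() ? "passed" : "failed");
    return 0;
}
```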

