[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE id request: mktemp
From: Nico Golde <oss-security+ml () ngolde ! de>
Date: 2008-08-18 20:26:18
Message-ID: 20080818202618.GH27231 () ngolde ! de
[Download RAW message or body]
Hi Steven,
* Steven M. Christey <coley@linus.mitre.org> [2008-08-18 22:09]:
> On Mon, 18 Aug 2008, Nico Golde wrote:
>
> > This is known but as I wrote in the bug report:
> > "the file is safely created with O_EXCL and 0600, still
> > unsafe if used with -u"
>
> Given that -u is "unsafe mode" with a disclaimer against race conditions
> (at least based on the manpage I looked at), I'm of the mindset that you'd
> flag an application for using mktemp -u, but not mktemp itself.
Ok fine, makes sense to me.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic