This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: What about mkstemp vs. mktemp in binutils?
- From: Alan Modra <amodra at bigpond dot net dot au>
- To: Christian Jönsson <c dot christian dot joensson at telia dot com>, binutils at sources dot redhat dot com
- Date: Sun, 17 Feb 2002 22:25:43 +1030
- Subject: Re: What about mkstemp vs. mktemp in binutils?
- References: <20020217103524.GA10649@fw.j-son.org>
On Sun, Feb 17, 2002 at 11:35:24AM +0100, Christian Jönsson wrote:
> /home/chj/src/objdir/binutils/../../binutils/bucomm.c:236: the use of `mktemp' is dangerous, better use `mkstemp'
>
> Is this something to worry about?
Don't panic, but there is a possible security hole opened by using
mktemp. The problem being that between mktemp deciding that a given
name in /tmp is OK for a temp file and actually opening the file,
someone could insert a symbolic link with that name pointing to
something like /etc/passwd. You don't compile as root, do you?
--
Alan Modra
IBM OzLabs - Linux Technology Centre
BTW, you need to fix your Mail-Followup-To.
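
The race described in the reply above, as an added example that is not part of the original message and is not binutils code: inside a private sandbox directory, a symlink already sits at a pre-chosen temp name, and the program compares a plain open of that name with the O_CREAT|O_EXCL open and with mkstemp. The paths, the file names and the functions open_chosen_name and run_demo are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mktemp-style use: the name was chosen earlier and is opened without
   O_EXCL, so a symlink created in between is followed. */
int open_chosen_name(const char *name) {
    return open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Bit 0: the non-exclusive open truncated the file the link points to.
   Bit 1: O_CREAT|O_EXCL refused the existing symlink with EEXIST.
   Bit 2: mkstemp returned a fresh regular file. Returns -1 on setup failure. */
int run_demo(void) {
    char dir[] = "/tmp/mktemp-demo-XXXXXX";     /* constructed sandbox path */
    char victim[64], name[64], safe[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;               /* private 0700 directory */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/ccPRED01", dir);   /* pre-chosen temp name */
    snprintf(safe, sizeof safe, "%s/ccXXXXXX", dir);   /* mkstemp template */
    if ((fd = open(victim, O_WRONLY | O_CREAT, 0600)) < 0) return -1;
    if (write(fd, "important\n", 10) != 10) return -1;
    close(fd);
    if (symlink(victim, name) != 0) return -1;  /* link placed in the window */

    if ((fd = open_chosen_name(name)) >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    fd = open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    if ((fd = mkstemp(safe)) >= 0) {            /* created with O_EXCL, fd returned */
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) result |= 4;
        close(fd);
        unlink(safe);
    }
    unlink(name); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    printf("result bits: %d (7 = all three observations hold)\n", run_demo());
    return 0;
}
```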