This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: What about mkstemp vs. mktemp in binutils?

From: Alan Modra <amodra at bigpond dot net dot au>
To: Christian Jönsson <c dot christian dot joensson at telia dot com>, binutils at sources dot redhat dot com
Date: Sun, 17 Feb 2002 22:25:43 +1030
Subject: Re: What about mkstemp vs. mktemp in binutils?
References: <20020217103524.GA10649@fw.j-son.org>

On Sun, Feb 17, 2002 at 11:35:24AM +0100, Christian Jönsson wrote:
> /home/chj/src/objdir/binutils/../../binutils/bucomm.c:236: the use of `mktemp' is dangerous, better use `mkstemp'
> 
> Is this something to worry about? 

Don't panic, but there is a possible security hole opened by using
mktemp.  The problem being that between mktemp deciding that a given
name in /tmp is OK for a temp file and actually opening the file,
someone could insert a symbolic link with that name pointing to
something like /etc/passwd.  You don't compile as root, do you?

-- 
Alan Modra
IBM OzLabs - Linux Technology Centre

BTW, you need to fix your Mail-Followup-To.

References:
- What about mkstemp vs. mktemp in binutils?
  - From: Christian Jönsson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]