RPM Community Forums

Mailing List Message of <rpm-devel>

Re: mktemp/mkstemp usage

From: Dmitry V. Levin <ldv@altlinux.org>
Date: Wed 18 Jul 2007 - 10:37:41 CEST
Message-ID: <20070718083741.GC29363@basalt.office.altlinux.org> 
On Wed, Jul 18, 2007 at 10:07:27AM +0200, Michael Schroeder wrote:
> On Wed, Jul 18, 2007 at 02:04:11AM +0400, Dmitry V. Levin wrote:
> > No, please do not apply this change.
> > The problem is real, so let linker warnings remind us about this issue.
> The problem is *not* real, close(mkstemp()) looks a bit strange, but
> is sane.

The issue is not only how secure temporary files are created, but also
whether environment is secure enough to pass temp files by their names
to external executables.


-- 
ldv
  • application/pgp-signature attachment: stored
Received on Wed Jul 18 10:37:42 2007
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.