Bugtraq mailing list archives
Re: mktemp() and friends
From: casper () holland Sun COM (Casper Dik)
Date: Tue, 24 Dec 1996 20:29:35 +0100
+ Something that accepts the new file's modes, unlike mkstemp, so that we don't have to go through the following three step process to ensure that the file is empty before we use a file created with 0666: mkstemp chmod ftruncate
What do different implementations of mkstemp() use for file mode? Solaris 2.x uses mode 0600 which, to me, seems the only proper mode for temporary files. What do the BSDs use? I see "0600" in 4.3, and in 4.4lite so I don't think that that's changed in between. I also note that SV tmpfile() is not secure,, nor is BSD 4.3 tmpfile(). Later BSD releases rectify this and use mkstemp(). Many OSes out there will have a unsafe tmpfile(), depending on when and where they got tmpfile(). SysV or early BSD heritage gives a porblem. Casper
Current thread:
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Uriel Maimon (Dec 23)
- <Possible follow-ups>
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Steve \ (Dec 24)
- Re: mktemp() and friends Casper Dik (Dec 24)
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Benedikt Stockebrand (Dec 23)
- Re: mktemp() and friends Theo de Raadt (Dec 24)
- Re: mktemp() and friends D. J. Bernstein (Dec 24)
- Re: mktemp() and friends SGI Security Coordinator (Dec 24)
- Re: mktemp() and friends Darren Reed (Dec 23)