Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: another /tmp race: `perl -e' opens temp file not safely

From: corbeau () EXECPC COM (Dennis Taylor)
Date: Sat, 7 Mar 1998 19:55:55 -0600

At 6:04 PM -0600 3/7/98, stanislav shalunov wrote:


A side note (by no means I am a Perl hacker; I do not know Perl well):
Perl does not provide a clear way to open a file with O_EXCL.  This
might be considered a reasonable thing to add to the language.


        It certainly is. Pity it's already in there. :-)  The sysopen()
built-in function allows you to open a file with the O_* flags; look at the
sysopen entry in 'man perlfunc' for details. Furthermore, the
object-oriented IO::File interface allows you to say things like:

        $fh = new IO::File "file", O_WRONLY|O_APPEND;  # from the IO::File
docs.

        Or $fh = IO::File->new("file", FLAGS), for that matter, just to
make Chip happy. :-)  Good job with the quick patch... it's frightening to
think how many common utilities probably have this kind of lurking bug.

                                        dennis taylor


__________________________________________________________________________
Dennis Taylor           "Anyone whose days are all the same and free from
corbeau () execpc com       want inhabits eternity of a sort."  - Peter Hoeg
__________________________________________________________________________
   PGP Fingerprint: E8D6 9670 4FBD EEC3 6C6B  810B 2B30 E529 51BD 7B90
Previous By Date Next
Previous By Thread Next

Current thread: