oss-sec mailing list archives
Re: CVE id request: mktemp
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 18 Aug 2008 22:26:18 +0200
Hi Steven, * Steven M. Christey <coley () linus mitre org> [2008-08-18 22:09]:
On Mon, 18 Aug 2008, Nico Golde wrote:This is known but as I wrote in the bug report: "the file is safely created with O_EXCL and 0600, still unsafe if used with -u"Given that -u is "unsafe mode" with a disclaimer against race conditions (at least based on the manpage I looked at), I'm of the mindset that you'd flag an application for using mktemp -u, but not mktemp itself.
Ok fine, makes sense to me. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: mktemp Nico Golde (Aug 15)
- Re: CVE id request: mktemp Todd C. Miller (Aug 15)
- Re: CVE id request: mktemp Sebastian Krahmer (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Steven M. Christey (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)