From owner-freebsd-audit Sun Apr 30 21:17:16 2000 Delivered-To: freebsd-audit@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0381A37B9CD; Sun, 30 Apr 2000 21:17:15 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id VAA94577; Sun, 30 Apr 2000 21:17:14 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 30 Apr 2000 21:17:14 -0700 (PDT) From: Kris Kennaway To: Warner Losh Cc: Mike Heffner , FreeBSD-audit Subject: Re: that patch for mktemp? In-Reply-To: <200005010404.WAA74367@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 30 Apr 2000, Warner Losh wrote: > ~ isn't too special to shells, so unless it is at the start of a > filename, you shouldn't have a problem. That can only happen if mktemp() is called with no prefix (i.e. "/tmp/XXXXXX" instead of "/tmp/fooXXXXXX"), which is not the docuemnted usage in the manpage ("The template may be any file name with some number of `Xs' appended to it") although I don't know what POSIX has to say on the matter. Probably to be safe we should make it so the PID is encoded first, since that will never have any metacharacters in it. > That said, all of the following are special metacharacters to shells: > !$^&*(){}[]?~`"';<>|\ > > (recall that ^ is a synonym for |). Damn, I didn't know that. ! and ^ will have to be removed, which brings the number of random characters to 73, or 389017 different random combinations for the standard 6-X tempfile. This is still pretty good. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message