From owner-freebsd-ports Fri Jun 9 9:57:15 2000 Delivered-To: freebsd-ports@freebsd.org Received: from privatecube.privatelabs.com (privatecube.privatelabs.com [198.143.31.30]) by hub.freebsd.org (Postfix) with ESMTP id 0443237BA6B; Fri, 9 Jun 2000 09:57:12 -0700 (PDT) (envelope-from mi@privatelabs.com) Received: from misha.privatelabs.com (root@misha.privatelabs.com [198.143.31.6]) by privatecube.privatelabs.com (8.9.2/8.9.2) with ESMTP id LAA01815; Fri, 9 Jun 2000 11:56:36 -0400 (EDT) Received: from privatelabs.com (mi@localhost [127.0.0.1]) by misha.privatelabs.com (8.9.3/8.9.3) with ESMTP id MAA14702; Fri, 9 Jun 2000 12:56:06 -0400 (EDT) (envelope-from mi@privatelabs.com) From: mi@privatelabs.com Message-Id: <200006091656.MAA14702@misha.privatelabs.com> Date: Fri, 9 Jun 2000 12:56:03 -0400 (EDT) Subject: Re: ports/19047: net/arpwatch patched to use tmpfile() instead of mktemp() To: Maxim Sobolev Cc: freebsd-ports@FreeBSD.org In-Reply-To: <3941100C.D85F0FCF@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 9 Jun, Maxim Sobolev wrote: = mi@privatelabs.com wrote: = = > On 9 Jun, sobomax@FreeBSD.org wrote: = > = Synopsis: net/arpwatch patched to use tmpfile() instead of mktemp() = > = = > = State-Changed-From-To: open->closed = > = State-Changed-By: sobomax = > = State-Changed-When: Fri Jun 9 00:24:07 PDT 2000 = > = State-Changed-Why: = > = Another patch committed. Anyway thanks for reporting and please in = > = the future try to be more cooperative and keep your ego under = > = control. = > = = > = http://www.freebsd.org/cgi/query-pr.cgi?pr=19047 = > = > I maintain, there was nothing wrong with my patch on any of the = > Operating Systems in scope. = = Are you a new FreeBSD Security Officer? Sorry, but I do not remember = anything relevant committed into CVSROOT/access.... Please spare the poor taste pseudo-sarcasm. I agree that there might, in fact, be operating systems out there on which tmpfile is dangerous. It is however not dangerous on the three operating systems that use the ports (Open, Net, and FreeBSD) -- and Kris seems to agree with that. And the tmpfile's man page says just that. And both, you and Ade don't seem to disagree. This is NOT a security issue. It is the ports issue. If it is the FreeBSD's ports system's ambition to provide patches, which will (safely) work on all/most other systems, then a lot of other patches have to be reviewed. I was not, however, aware that following such an ambition is a _requirement_ for the patches and in this particular case I believe it results in duplicating code. The tone used by Ade to persuade me added a non-technical reason to the purely technical reasons I put into my first response to you. = > My earlier reference to my ego was to explain my reluctance to = > compromise in that particular case, not to admit a flaw in the = > patch. = = Do you know the following old Russian saying: "If several people told = you that you are drunk then it is better to go sleep, even if you = absolutely sure that you are not" (translation may not be ideal, but = you should get my point). The use of sayings is alway fun and amusing. For example, how about: Whenever you find that you are on the side of the majority, it is time to reform. by Mark Twain? -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message