From owner-freebsd-current Mon Mar 6 0:23:35 2000 Delivered-To: freebsd-current@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 0910337BCC3 for ; Mon, 6 Mar 2000 00:23:27 -0800 (PST) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id DAA363620; Mon, 6 Mar 2000 03:23:23 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20000306001706.A32145@area51.v-wave.com> References: <20000306001706.A32145@area51.v-wave.com> Date: Mon, 6 Mar 2000 03:23:44 -0500 To: Chris Wasser , current@FreeBSD.ORG From: Garance A Drosihn Subject: Re: oddness in -current Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 12:17 AM -0700 3/6/00, Chris Wasser wrote: >I was just watching a buildworld happen when I noticed (specifically >in gcc, and a few other places) the following warning several times: > >warning: mktemp() possibly used unsafely; consider using mkstemp() > >I'm not sure if it's a big deal or not, but in the interests of >satisfying my own interests, I thought I would mention it. If this >has been covered already in this list, then please disregard. Next >time I'll capture the entire build process to a file. This probably has not been discussed a lot on current, but the freebsd-audit group has been trying to track down and change all uses of mktemp which might lead to any kind of security problem. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message