Date: Mon, 6 Mar 2000 11:22:54 +0100 From: Jeroen Ruigrok van der Werven <asmodai@bart.nl> To: Garance A Drosihn <drosih@rpi.edu> Cc: Chris Wasser <cwasser@v-wave.com>, current@FreeBSD.ORG Subject: Re: oddness in -current Message-ID: <20000306112253.F46955@lucifer.bart.nl> In-Reply-To: <v04210114b4e91ac8525f@[128.113.24.47]>; from drosih@rpi.edu on Mon, Mar 06, 2000 at 03:23:44AM -0500 References: <20000306001706.A32145@area51.v-wave.com> <v04210114b4e91ac8525f@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
-On [20000306 09:25], Garance A Drosihn (drosih@rpi.edu) wrote: >At 12:17 AM -0700 3/6/00, Chris Wasser wrote: >>I was just watching a buildworld happen when I noticed (specifically >>in gcc, and a few other places) the following warning several times: >> >>warning: mktemp() possibly used unsafely; consider using mkstemp() >> >>I'm not sure if it's a big deal or not, but in the interests of >>satisfying my own interests, I thought I would mention it. If this >>has been covered already in this list, then please disregard. Next >>time I'll capture the entire build process to a file. > >This probably has not been discussed a lot on current, but the >freebsd-audit group has been trying to track down and change >all uses of mktemp which might lead to any kind of security >problem. And in this case those are probably warnings issued by programs from the contrib directory. Possible suspects: cvs, groff, etc. -- Jeroen Ruigrok van der Werven Network- and systemadministrator <asmodai@bart.nl> VIA NET.WORKS The Netherlands BSD: Technical excellence at its best http://www.bart.nl Tel: +31 - (0) 10 - 240 39 70 http://www.via-net-works.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000306112253.F46955>