From owner-freebsd-current  Mon Mar  6  2:23:14 2000
Delivered-To: freebsd-current@freebsd.org
Received: from lucifer.bart.nl (lucifer.bart.nl [194.158.168.74])
	by hub.freebsd.org (Postfix) with ESMTP id A336E37BD10
	for <current@FreeBSD.ORG>; Mon,  6 Mar 2000 02:23:09 -0800 (PST)
	(envelope-from asmodai@lucifer.bart.nl)
Received: (from asmodai@localhost)
	by lucifer.bart.nl (8.9.3/8.9.3) id LAA47996;
	Mon, 6 Mar 2000 11:22:54 +0100 (CET)
	(envelope-from asmodai)
Date: Mon, 6 Mar 2000 11:22:54 +0100
From: Jeroen Ruigrok van der Werven <asmodai@bart.nl>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: Chris Wasser <cwasser@v-wave.com>, current@FreeBSD.ORG
Subject: Re: oddness in -current
Message-ID: <20000306112253.F46955@lucifer.bart.nl>
References: <20000306001706.A32145@area51.v-wave.com> <v04210114b4e91ac8525f@[128.113.24.47]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <v04210114b4e91ac8525f@[128.113.24.47]>; from drosih@rpi.edu on Mon, Mar 06, 2000 at 03:23:44AM -0500
Organisation: bART Internet Services B.V.
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

-On [20000306 09:25], Garance A Drosihn (drosih@rpi.edu) wrote:
>At 12:17 AM -0700 3/6/00, Chris Wasser wrote:
>>I was just watching a buildworld happen when I noticed (specifically
>>in gcc, and a few other places) the following warning several times:
>>
>>warning: mktemp() possibly used unsafely; consider using mkstemp()
>>
>>I'm not sure if it's a big deal or not, but in the interests of
>>satisfying my own interests, I thought I would mention it. If this
>>has been covered already in this list, then please disregard. Next
>>time I'll capture the entire build process to a file.
>
>This probably has not been discussed a lot on current, but the
>freebsd-audit group has been trying to track down and change
>all uses of mktemp which might lead to any kind of security
>problem.

And in this case those are probably warnings issued by programs from the
contrib directory.

Possible suspects: cvs, groff, etc.

-- 
Jeroen Ruigrok van der Werven          Network- and systemadministrator
<asmodai@bart.nl>                      VIA NET.WORKS The Netherlands
BSD: Technical excellence at its best  http://www.bart.nl
Tel: +31 - (0) 10 - 240 39 70          http://www.via-net-works.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message