Date: Thu, 27 Jan 2000 19:20:43 -0500
To: Mike Heffner, FreeBSD-audit
From: Garance A Drosihn
Subject: Re: use mkstemp(3) for sort

At 12:30 AM -0500 1/27/00, Mike Heffner wrote:
>This patch uses mkstemp(3), instead of a pid + sequence number
>(usually zero), for a tempfile name...reviewers?

For something like this, I sometimes wonder if it would be better
to have the program ('sort', in this case) create a randomly-named
directory in /tmp, make sure that directory is owned by the
right user and is only readable by the user, and then create all
of its temporary files inside of that directory.

While sort may "usually" only create one file, it's possible it
will have to create lots (hundreds?) of files. If the above is
done, not only will the security issues be addressed, but we'll
have less locking and "general wear&tear" on the /tmp directory.

Does that sound like a reasonable/worthwhile strategy?

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  drosih@rpi.edu
Rensselaer Polytechnic Institute
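
The strategy proposed in this message, sketched as an added example (not part of the original e-mail and not FreeBSD sort's code): a private directory is created with mkdtemp(3), its ownership and mode are checked, and every temporary file is then created inside it with mkstemp(3). The function names and the `sort.`/`run.` prefixes are hypothetical, and mkdtemp(3) is assumed to be available.

```c
#define _DEFAULT_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private scratch directory under base (e.g. "/tmp").
 * Writes its path into dir and returns 0, or returns -1 on error. */
int make_private_tmpdir(const char *base, char *dir, size_t len)
{
    struct stat st;
    int n = snprintf(dir, len, "%s/sort.XXXXXX", base);
    if (n < 0 || (size_t)n >= len)
        return -1;
    if (mkdtemp(dir) == NULL)        /* random name, fails if it exists, mode 0700 */
        return -1;
    /* Check what was created: a real directory, ours, no group/other bits. */
    if (lstat(dir, &st) == -1 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        rmdir(dir);
        return -1;
    }
    return 0;
}

/* Create one temp file inside the private directory. Returns an open
 * descriptor and writes the file's path into path, or returns -1. */
int make_tmpfile_in(const char *dir, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/run.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkstemp(path);            /* O_CREAT|O_EXCL open, mode 0600 */
}

int main(void)
{
    char dir[PATH_MAX], path[PATH_MAX];
    if (make_private_tmpdir("/tmp", dir, sizeof dir) == -1)
        return 1;
    for (int i = 0; i < 3; i++) {    /* sort may need many run files */
        int fd = make_tmpfile_in(dir, path, sizeof path);
        if (fd == -1)
            break;
        printf("%s\n", path);
        close(fd);
        unlink(path);
    }
    return rmdir(dir) == -1;         /* exit 0 once the directory is removed */
}
```

Only the single mkdtemp(3) call touches the shared /tmp directory; all later file creations and removals happen in the program's own 0700 directory.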