Date: Sun, 14 Jan 1996 12:34:30 -0500 (EST)
From: Sujal Patel
To: Bruce Evans
cc: freebsd-bugs@freefall.freebsd.org
Subject: Re: ports/944: Security fixes for Fvwm 1.24r
In-Reply-To: <199601140740.XAA19336@freefall.freebsd.org>

On Sat, 13 Jan 1996, Bruce Evans wrote:

> >+ /* make a directory to guard against following symlinks */
> >+ if (mkdir(tmp_name, 0700) != 0) {
> >+ perror("exclusive open for tmp_name failed in m4_defs");
> >+ exit(0377);
> >+ }
> >+ strcat(tmp_name, "/data"); /* what actual tmp file is to be called */
>
> I think the O_EXCL method is better. Except of course if you really
> want a directory or another type of non-regular file. It's surprisingly
> hard to get the interface for temporary file [name] creation right.
> FreeBSD has 5 BAD interfaces: tempnam(), tmpfile(), tmpnam(), mktemp()
> and mkstemp().

I didn't like the idea of making a directory either. It looked pretty ugly when I first looked at this patch-- But there is precedent for this kind of protection (even in BSD code: df.c). Also, this temporary file is going to be used when FVWM runs 'm4 > tempfile', so this doesn't allow the use of mkstemp(). Overall, this whole part of FVWM is a big ugly mess-- But at least this fixes the security problems.

Sujal
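
Review bot: the strcat(tmp_name, "/data") in the last added line appends five characters to tmp_name with no length check in the visible lines; confirm the buffer has room for them, or build the path with a bounded call such as snprintf and fail on truncation. The perror() text says "exclusive open for tmp_name failed" although the call that failed is mkdir(), so the message should name mkdir and the directory. Nothing in the quoted lines removes the directory again, so the exit path should unlink the data file and rmdir the directory.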
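
The two approaches weighed in this thread, side by side, as an added example that is not FVWM's code or part of the original messages: a private-directory guard for a file that another program will create by name (the 'm4 > tempfile' case), and O_EXCL for a file the process opens itself. The function names and the /tmp/guard-demo-* paths are hypothetical and constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Directory guard, as in the quoted patch: mkdir() fails with EEXIST on any
 * existing name, symlinks included, so a planted link is never followed.
 * Builds "<dir>/data" with a bounds check. Returns 0 on success, -1 on error. */
int make_guarded_path(const char *dir, char *out, size_t outlen)
{
    struct stat st;
    if (mkdir(dir, 0700) != 0)
        return -1;
    /* Confirm the result: a real directory, ours, closed to group/other. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;
    int n = snprintf(out, outlen, "%s/data", dir);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* O_EXCL alternative: usable only when this process creates the file itself. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario under /tmp: returns 1 when both methods refuse a
 * pre-planted symlink and the directory guard accepts a fresh name. */
int demo(void)
{
    char base[64], trap[80], fresh[80], path[96];
    snprintf(base, sizeof base, "/tmp/guard-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0) return -1;
    snprintf(trap, sizeof trap, "%s/trap", base);
    snprintf(fresh, sizeof fresh, "%s/fresh", base);
    int planted = symlink("/nonexistent-target", trap) == 0;
    int refused = make_guarded_path(trap, path, sizeof path) == -1 &&
                  open_exclusive(trap) == -1 && errno == EEXIST;
    int accepted = make_guarded_path(fresh, path, sizeof path) == 0;
    rmdir(fresh);
    unlink(trap);
    rmdir(base);
    return planted && refused && accepted;
}

int main(void) { printf("guard works: %d\n", demo()); return 0; }
```

Once the 0700 directory exists, a shell redirection into the returned path cannot be pointed elsewhere by another local user, which is why the guard works where an mkstemp() descriptor cannot be handed to the shell.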