From owner-freebsd-audit Thu Jan 27 16:29:38 2000 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id C9F17158FA; Thu, 27 Jan 2000 16:29:36 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id A7F971CD6B9; Thu, 27 Jan 2000 16:29:36 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Thu, 27 Jan 2000 16:29:36 -0800 (PST) From: Kris Kennaway To: Garance A Drosihn Cc: Mike Heffner , FreeBSD-audit Subject: Re: use mkstemp(3) for sort In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 27 Jan 2000, Garance A Drosihn wrote: > For something like this, I sometimes wonder if it would be better > to have the program ('sort', in this case) to create a randomly- > named directory in /tmp, make sure that directory is owned by the > right user and is only readable by the user, and then create all > if it's temporary files inside of that directory. This sounds like a better solution than making an invasive change which will have to be re-merged if we upgrade the code (assuming it's not taken up by the vendor). i.e. create the private directory securely with mkdtemp, and sort can be as insecure as it wants within it :-) Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message