Date: Fri, 6 Mar 1998 11:57:41 -0800 (PST) From: dima@best.net (Dima Ruban) To: guido@gvr.org (Guido van Rooij) Cc: ache@nagual.pp.ru, guido@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-gnu@FreeBSD.ORG Subject: Re: cvs commit: src/gnu/usr.bin/sort sort.c Message-ID: <199803061957.LAA08710@burka.rdy.com> In-Reply-To: <199803061918.UAA13548@gvr.gvr.org> from Guido van Rooij at "Mar 6, 98 08:18:14 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Guido van Rooij writes: > [______ ______] wrote: > > On Fri, Mar 06, 1998 at 11:00:27AM -0800, Guido van Rooij wrote: > > > guido 1998/03/06 11:00:27 PST > > > > > > Modified files: > > > gnu/usr.bin/sort sort.c > > > Log: > > > Open temporary files with O_EXCL. > > > Obtained from:bugtraq > > > > This change cause sort fails if someone makes file with the same name. > > It means that anybody can stop root's sort in progress (f.e. valuable > > things sorted) or any user sort. Non-fixed sort allows more, of course, > > Yes. But without it, anyone can have root's sort process overwrite any file > (via symlinks). Maybe tempname() should check whether the file exsists, and if it does - generate a new temp filename? Fix is rather trivial. > > -Guido > -- dima
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803061957.LAA08710>