From owner-cvs-gnu Fri Mar 6 12:01:13 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA16153 for cvs-gnu-outgoing; Fri, 6 Mar 1998 12:01:13 -0800 (PST) (envelope-from owner-cvs-gnu) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16134; Fri, 6 Mar 1998 12:00:36 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: by burka.rdy.com id LAA08710; (8.8.8/RDY) Fri, 6 Mar 1998 11:57:42 -0800 (PST) Message-Id: <199803061957.LAA08710@burka.rdy.com> Subject: Re: cvs commit: src/gnu/usr.bin/sort sort.c In-Reply-To: <199803061918.UAA13548@gvr.gvr.org> from Guido van Rooij at "Mar 6, 98 08:18:14 pm" To: guido@gvr.org (Guido van Rooij) Date: Fri, 6 Mar 1998 11:57:41 -0800 (PST) Cc: ache@nagual.pp.ru, guido@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-gnu@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-gnu@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Guido van Rooij writes: > [______ ______] wrote: > > On Fri, Mar 06, 1998 at 11:00:27AM -0800, Guido van Rooij wrote: > > > guido 1998/03/06 11:00:27 PST > > > > > > Modified files: > > > gnu/usr.bin/sort sort.c > > > Log: > > > Open temporary files with O_EXCL. > > > Obtained from:bugtraq > > > > This change cause sort fails if someone makes file with the same name. > > It means that anybody can stop root's sort in progress (f.e. valuable > > things sorted) or any user sort. Non-fixed sort allows more, of course, > > Yes. But without it, anyone can have root's sort process overwrite any file > (via symlinks). Maybe tempname() should check whether the file exsists, and if it does - generate a new temp filename? Fix is rather trivial. > > -Guido > -- dima