From owner-freebsd-audit Sun Nov 26 9: 1:44 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.utfors.se (mail.utfors.se [195.58.103.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E2A437B479 for ; Sun, 26 Nov 2000 09:01:37 -0800 (PST) Received: from ludd.luth.se (md46914c6.utfors.se [212.105.20.198]) by mail.utfors.se (8.8.8/8.8.8) with ESMTP id SAA14387; Sun, 26 Nov 2000 18:00:39 +0100 (MET) Message-ID: <3A2141A0.7BF149C4@ludd.luth.se> Date: Sun, 26 Nov 2000 18:00:16 +0100 From: Joachim =?iso-8859-1?Q?Str=F6mbergson?= Organization: Acne X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en-US MIME-Version: 1.0 To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: Project for auditors References: <20001124143336.A70550@citusc17.usc.edu> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Aloha! Kris Kennaway wrote: > Here's something I just noticed../usr/bin/mail will repeatedly create > files with the same name from mktemp(), of the form /tmp/RsXXXXXX (as > well as some others). This needs to be fixed to use mkstemp() since > theres the very easy to exploit race condition there. > > Anyone up for it? Well, I took a 5 min browse in the code. There are two files in mail that uses mktemp: temp.c and quit.c. 5 instances from line 79 and onward in file temp.c, and 1 instance on line 424 in quit.c Replacing mktemp() calls with mkstemp() calls was no problem. But since I don't trust myself on this (yet, hopefully), I'm unsure what I need to change in the code surrounding the actual call. The man page describes the NULL vs -1 diffs. I took a look at the patch for printjob.c and am trying to adapt the way it calls mkstemp(). Also, in the quit.c the temp file is deleted by rm(tempname) on line 448. Should I use unlink() instead? -- Cheers! Joachim - Alltid i harmonisk svängning --- FairLight ------ FairLight ------ FairLight ------ FairLight --- Joachim Strömbergson ASIC SoC designer, nice to CUTE animals Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman --------------- Spamfodder: regeringen@regeringen.se --------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message