From owner-freebsd-audit Tue Oct 24 6: 6:56 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 2393937B4CF for ; Tue, 24 Oct 2000 06:06:55 -0700 (PDT) Received: by peitho.fxp.org (Postfix, from userid 1501) id 965DD1360E; Tue, 24 Oct 2000 09:06:59 -0400 (EDT) Date: Tue, 24 Oct 2000 09:06:59 -0400 From: Chris Faulhaber To: Jeroen Ruigrok van der Werven Cc: audit@freebsd.org Subject: Re: printjob.c mktemp() problem Message-ID: <20001024090659.A80998@peitho.fxp.org> References: <20001024140510.G93799@lucifer.bart.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001024140510.G93799@lucifer.bart.nl>; from jruigrok@via-net-works.nl on Tue, Oct 24, 2000 at 02:05:10PM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Oct 24, 2000 at 02:05:10PM +0200, Jeroen Ruigrok van der Werven wrote: > In printjob.c in the dir src/usr.sbin/lpr/lpd we see a mktemp() call > which creates a file accroding to the template. > > I also see that it is getting unlink()'d again a bunch of lines later. > > I later on see some open() call on the same tempfile array which does > exactly what the mktemp(3) manpage warns about. > > Am I right into thinking this might be a good candidate for a > mktemp()->mkstemp() conversion? > It looks like a prime candidate for mktemp()->mkstemp() conversion. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message