Date: Sat, 10 Jun 2000 15:22:25 -0700 (PDT)
From: Kris Kennaway
To: "Jeroen C. van Gelderen"
Cc: "Andrey A. Chernov", Mark Murray, current@FreeBSD.ORG
Subject: Re: mktemp() patch
In-Reply-To: <3942BD80.F7354092@vangelderen.org>

On Sat, 10 Jun 2000, Jeroen C. van Gelderen wrote:

> > Actually, it's not of course a security risk in the new algorithm (this is
> > mktemp() after all), but it's a potential failure mode which can cause
> > applications to fail in ways they otherwise wouldn't (with some very low
> > probability) on a normal system. But, I don't think it's a big enough
> > problem to worry about (numbers still coming :-)
>
> It's not a new situation, any application that can write to /tmp can
> create files that collide with other program's use of mktemp().

Not under the current mktemp() since the PID is unique (except for
wraparounds)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe