Date: Sat, 10 Jun 2000 18:27:15 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: "Andrey A. Chernov" <ache@freebsd.org>, Mark Murray <mark@grondar.za>, current@FreeBSD.ORG Subject: Re: mktemp() patch Message-ID: <3942C0C3.D06003DB@vangelderen.org> References: <Pine.BSF.4.21.0006101521350.67475-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote:
>
> On Sat, 10 Jun 2000, Jeroen C. van Gelderen wrote:
>
> > > Actually, it's not of course a security risk in the new algorithm (this is
> > > mktemp() after all), but it's a potential failure mode which can cause
> > > applications to fail in ways they otherwise wouldn't (with some very low
> > > probability) on a normal system. But, I don't think it's a big enough
> > > problem to worry about (numbers still coming :-)
> >
> > It's not a new situation, any application that can write to /tmp can
> > create files that collide with other program's use of mktemp().
>
> Not under the current mktemp() since the PID is unique (except for
> wraparounds)
mktemp() is not the only function that creates files in /tmp.
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3942C0C3.D06003DB>