From owner-freebsd-security  Fri Apr 24 20:29:12 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA28628
          for freebsd-security-outgoing; Fri, 24 Apr 1998 20:29:12 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fly.HiWAAY.net (root@fly.HiWAAY.net [208.147.154.56])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA28582
          for <freebsd-security@FreeBSD.ORG>; Fri, 24 Apr 1998 20:28:57 -0700 (PDT)
          (envelope-from dkelly@nospam.hiwaay.net)
Received: from nospam.hiwaay.net (tnt2-118.HiWAAY.net [208.147.148.118])
	by fly.HiWAAY.net (8.8.8/8.8.6) with ESMTP id WAA11586
	for <freebsd-security@FreeBSD.ORG>; Fri, 24 Apr 1998 22:28:53 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
          by nospam.hiwaay.net (8.8.8/8.8.4) with ESMTP
	  id WAA27684 for <freebsd-security@FreeBSD.ORG>; Fri, 24 Apr 1998 22:13:22 -0500 (CDT)
Message-Id: <199804250313.WAA27684@nospam.hiwaay.net>
X-Mailer: exmh version 2.0.2 2/24/98
To: freebsd-security@FreeBSD.ORG
From: David Kelly <dkelly@hiwaay.net>
Subject: Re: Symlinks again... 
In-reply-to: Message from Niall Smart <rotel@indigo.ie> 
   of "Fri, 24 Apr 1998 21:25:38 -0000." <199804242025.VAA00581@indigo.ie> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 24 Apr 1998 22:13:21 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Niall Smart writes:
> 
> The code is still wrong though, an account is compromisable.  I
> would submit a PR.  mktemp(1) should be ported to -stable to make
> fixing/avoiding this type of thing easier.  Any takers?

It appears mktemp made it into RELENG_2_2 recently (I don't know how to 
ask CVS yet). So maybe all that's left to do is fold it into the right 
places?

nospam: {463} which mktemp
/usr/bin/mktemp
nospam: {464} uname -a
FreeBSD nospam.hiwaay.net 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Mon Apr 20 20:49:10 CDT 1998     root@nospam.hiwaay.net:/usr/src/sys/compile/PPRO200  i386
nospam: {465} whereis mktemp
mktemp: /usr/bin/mktemp /usr/share/man/man1/mktemp.1.gz /usr/src/usr.bin/mktemp
nospam: {466} ls -l /usr/src/usr.bin/mktemp
total 12
drwxr-xr-x  2 root  wheel   512 Apr 21 21:05 CVS/
-rw-r--r--  1 root  wheel   121 Apr 18 05:56 Makefile
-rw-r--r--  1 root  wheel  5629 Apr 18 05:56 mktemp.1
-rw-r--r--  1 root  wheel  3784 Apr 18 05:56 mktemp.c
nospam: {467} 

--
David Kelly N4HHE, dkelly@nospam.hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message