From owner-freebsd-hackers  Mon May 15 12: 0:36 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6ACCC37B6A1; Mon, 15 May 2000 12:00:31 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e4FJWvt04153;
	Mon, 15 May 2000 12:32:57 -0700 (PDT)
Date: Mon, 15 May 2000 12:32:57 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Wes Peters <wes@softweyr.com>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	Tim Vanderhoek <vanderh@ecf.utoronto.ca>,
	James Howard <howardjp@wam.umd.edu>, freebsd-hackers@FreeBSD.ORG
Subject: Re: mktemp() vs. mkstemp()
Message-ID: <20000515123256.C249@fw.wintelcom.net>
References: <Pine.BSF.4.21.0005141952440.20005-100000@freefall.freebsd.org> <39204472.706CB1D2@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <39204472.706CB1D2@softweyr.com>; from wes@softweyr.com on Mon, May 15, 2000 at 12:39:46PM -0600
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Wes Peters <wes@softweyr.com> [000515 12:11] wrote:
> Kris Kennaway wrote:
> > 
> > On Sun, 14 May 2000, Tim Vanderhoek wrote:
> > 
> > > It's certainly not like it would be the first non-portable function
> > > we've added.  Where adding functions to libraries encourages better
> > > coding practices, I'm (often) in favour of it, especially if it
> > > encourages more secure coding practices.  Ultimately everyone
> > > benefits, and the pain is short-term.
> > 
> > True, but I'd venture that in most of those cases they did something a
> > little less trivial than one line of code.
> 
> We could simply redefine mktemp to not be such a security hole.  Do 
> common programs that use mktemp depend on side effects?

The side effect they depend on is that the char * returned is unique,
but since no file was created it's not garanteed so.  You can't fix
it.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message