From owner-freebsd-audit Tue Aug 1 3:10:40 2000 Delivered-To: freebsd-audit@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 75DDB37BE50; Tue, 1 Aug 2000 03:10:39 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA92386; Tue, 1 Aug 2000 03:10:39 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Tue, 1 Aug 2000 03:10:39 -0700 (PDT) From: Kris Kennaway To: Kelly Yancey Cc: audit@freebsd.org Subject: Re: Update to patch(1) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 2 Jul 2000, Kelly Yancey wrote: > > Can someone please review the patches in PR 19642. They merge in many > changes to patch(1) from OpenBSD. Specifically, they remove the standard > mktemp race condition as well as fix some potential buffer overflows. Sorry for the delay. Some comments: * be consistent about sizeof(foo) vs sizeof foo (choose whichever the surrounding file uses) * system() is insecure - there's no point in making all the string operations buffer-safe if you go and pass a user string to system() :-) * mkstemp() + close() isn't a drop-in replacement for mktemp() since it will leave tempfiles around if the program exits through an abnormal channel (error condition, signal, etc). mkstemp() + unlink() is usually okay if the program (or another program) doesn't need to reopen the same file, although it needs more source-code modification. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message