Date: Wed, 21 Oct 1998 18:04:35 +1000
From: Bruce Evans
Message-Id: <199810210804.SAA25392@godzilla.zeta.org.au>
To: bde@zeta.org.au, imp@village.org
Subject: Re: cvs commit: src/lib/libc/stdio mktemp.c
Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, peter@netplex.com.au

>: > fd = mkstemp(foo);
>: > unlink(foo);
>:
>: This has a race between the mkstemp() and the unlink().
>
>???? What's the race here?

The file is user-readable and writable (if you clobber the caller's
request to make it of mode 000 by forcing the mode to 600).

>: Who owns it?  The Linux (Redhat version mumble) man page says that
>: mkstemp() conforms to BSD 4.3 and creates the file with permissions
>: 0666.  glibc-2.0.5c uses the same O_EXCL open as us except for using
>: this insecure mode.
        ^^^^^^^^
>Linux has it wrong.  mkstemp should create a file that no one else can

I know.

Bruce
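A defensive form of the mkstemp()/unlink() sequence discussed in the message above, added here as an example and not taken from the thread or from FreeBSD's mktemp.c. It forces a restrictive umask so the file is owner-only even on a libc that requests 0666, checks owner and mode through the descriptor, and confirms after unlink() that the link count dropped to zero; the helper name safe_anon_temp() and the /tmp template are assumptions.

```c
/* Added example; safe_anon_temp() is a hypothetical helper name. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a temp file from a mkstemp() template, verify it through the
 * descriptor, then unlink it. Returns the open fd, or -1 on any failure.
 * On success *mode_out holds the permission bits the file was created with. */
int safe_anon_temp(char *tmpl, mode_t *mode_out)
{
    struct stat st;
    mode_t old = umask(077);  /* owner-only even if libc asks for 0666 */
    int fd = mkstemp(tmpl);   /* O_CREAT|O_EXCL open: never reuses a name */
    umask(old);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor, not the path: the path can change under us. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||        /* "Who owns it?" */
        (st.st_mode & 077) != 0 ||       /* no group/other access */
        st.st_nlink != 1)
        goto fail;
    *mode_out = st.st_mode & 07777;

    /* The name exists between mkstemp() and unlink(); keep that window short. */
    if (unlink(tmpl) < 0)
        goto fail;
    /* Link count 0 means the name we removed really was our file. */
    if (fstat(fd, &st) < 0 || st.st_nlink != 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

int main(void)
{
    char tmpl[] = "/tmp/anon.XXXXXX";   /* constructed sample template */
    mode_t mode = 0;
    int fd = safe_anon_temp(tmpl, &mode);
    if (fd < 0) { perror("safe_anon_temp"); return 1; }
    printf("fd %d created with mode %04o, name already removed\n", fd, (unsigned)mode);
    close(fd);
    return 0;
}
```

umask() is process-wide, so a threaded program should call this before other threads create files, or rely on a libc known to create the file with mode 0600.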