Date: Thu, 02 Nov 2000 18:06:52 -0500 (EST) From: Mike Heffner <mheffner@vt.edu> To: Garance A Drosihn <drosih@rpi.edu> Cc: Kris Kennaway <kris@FreeBSD.ORG>, audit@FreeBSD.ORG Subject: Re: sort(1) tempfile patch Message-ID: <XFMail.20001102180652.mheffner@vt.edu> In-Reply-To: <p04330112b6279baac90a@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02-Nov-2000 Garance A Drosihn wrote: | At 2:59 PM -0500 11/2/00, Mike Heffner wrote: | >http://docs.freebsd.org/cgi/getmsg.cgi?fetch=34587+0+archive/2000/freebsd-aud | >it/20000130.freebsd-audit | > | | Okay, that looks a lot like the update I was thinking of. Was | this update never applied? Or was it lost somewhere along | the line? I prefer the strategy of this update. It was just never applied, I had submitted a PR about it too, (bin/16929) and got the reply: From: Tim Vanderhoek <tim@localhost.nowhere> To: freebsd-gnats-submit@FreeBSD.org, spock@techfour.net Cc: vanderh@ecf.toronto.edu Subject: Re: bin/16929: [PATCH] prevent possible race condition Date: Tue, 16 May 2000 00:36:58 -0400 (EDT) > >sort can create the following predictable tempfiles: >/tmp/sort{pid}{seq} It appears that the security implications of this have already been fixed in rev.1.11 of src/gnu/usr.bin/sort/sort.c. .... so nothing was really done about it. -- Mike Heffner <mheffner@vt.edu> Blacksburg, VA ICQ# 882073 http://my.ispchannel.com/~mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20001102180652.mheffner>