Date: Thu, 02 Nov 2000 18:06:52 -0500 (EST)
From: Mike Heffner
Subject: Re: sort(1) tempfile patch
To: Garance A Drosihn
Cc: Kris Kennaway, audit@FreeBSD.ORG

On 02-Nov-2000 Garance A Drosihn wrote:
| At 2:59 PM -0500 11/2/00, Mike Heffner wrote:
| >http://docs.freebsd.org/cgi/getmsg.cgi?fetch=34587+0+archive/2000/freebsd-audit/20000130.freebsd-audit
| >
|
| Okay, that looks a lot like the update I was thinking of. Was
| this update never applied? Or was it lost somewhere along
| the line? I prefer the strategy of this update.

It was just never applied, I had submitted a PR about it too, (bin/16929) and
got the reply:

From: Tim Vanderhoek
To: freebsd-gnats-submit@FreeBSD.org, spock@techfour.net
Cc: vanderh@ecf.toronto.edu
Subject: Re: bin/16929: [PATCH] prevent possible race condition
Date: Tue, 16 May 2000 00:36:58 -0400 (EDT)

>
>sort can create the following predictable tempfiles:
>/tmp/sort{pid}{seq}

It appears that the security implications of this have already been
fixed in rev.1.11 of src/gnu/usr.bin/sort/sort.c.

....

so nothing was really done about it.

--
Mike Heffner
Blacksburg, VA
ICQ# 882073
http://my.ispchannel.com/~mheffner
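The issue named in the quoted PR (predictable `/tmp/sort{pid}{seq}` names), shown as an added example that is not part of the original message and is not code from sort.c or from the patch under discussion. It compares a create-or-truncate open on a guessable name with an `O_EXCL` open and with `mkstemp()`; the scratch directory, the `keep` file and the function names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Risky pattern: create-or-truncate follows whatever already sits at the path. */
int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_EXCL makes creation atomic: any existing entry, symlinks included, gives EEXIST. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Runs in a private scratch directory (constructed scenario). Bitmask result:
 * 1 = naive open truncated a file through a pre-existing link at the guessed name
 * 2 = exclusive open refused the same name with EEXIST
 * 4 = mkstemp() returned a fresh regular file with no group/other access */
int tempfile_demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", keep[128], name[128], tmpl[128];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(keep, sizeof keep, "%s/keep", dir);
    fd = open(keep, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    /* Name in the quoted style sort{pid}{seq}, already occupied by a link. */
    snprintf(name, sizeof name, "%s/sort%ld%d", dir, (long)getpid(), 0);
    if (symlink(keep, name) != 0) return -1;
    fd = open_naive(name);
    if (fd >= 0) close(fd);
    if (stat(keep, &st) == 0 && st.st_size == 0) result |= 1;
    fd = open_exclusive(name);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    snprintf(tmpl, sizeof tmpl, "%s/sortXXXXXX", dir);
    fd = mkstemp(tmpl);
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 077) == 0) result |= 4;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    unlink(name); unlink(keep); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", tempfile_demo()); return 0; }
```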