Date: Wed, 1 Mar 2006 15:35:40 -0500 From: Kris Kennaway <kris@obsecurity.org> To: Paul Schmehl <pauls@utdallas.edu> Cc: Boris Samorodov <bsam@ipt.ru>, ports@FreeBSD.org, Sergey Matveychuk <sem@FreeBSD.org> Subject: Re: FreeBSD Port: mpack-1.6 Message-ID: <20060301203540.GA29563@xor.obsecurity.org> In-Reply-To: <665EA8A520757A68F0485536@utd59514.utdallas.edu> References: <44050D77.2030503@j2d.lam.net.au> <BCA5F50D2461133FF65B3BD8@utd59514.utdallas.edu> <84747890@srv.sem.ipt.ru> <4405F6F0.9050703@FreeBSD.org> <665EA8A520757A68F0485536@utd59514.utdallas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 01, 2006 at 02:08:22PM -0600, Paul Schmehl wrote: > So the chances of overwriting a file with the same random char set is clo= se=20 > to nil. Close to nil !=3D nil. I haven't read the code here, but secure handling of temp files requires care. The code should just use mkstemp() though. Kris --HcAYCG3uE/tztfnV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (FreeBSD) iD8DBQFEBgWcWry0BWjoQKURAraWAJ9eaz++f7ZEUyiAZQUkEn5pxUlqugCfU02E MlHqKOqpQswUnPO/dwWBOkU= =agLM -----END PGP SIGNATURE----- --HcAYCG3uE/tztfnV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060301203540.GA29563>