Re: Bug#278283: insecure temporary file usage in gettextize and autopoin
From: Bruno Haible
Subject: Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)
Date: Tue, 26 Oct 2004 14:41:33 +0200
User-agent: KMail/1.5

Joey Hess wrote:
> CAN-2004-0966 describes some insecure uses of temporary files by
> autopoint and gettextize. We seem to be vulnerable, it's stupidity like
> this:
>
> { echo "#! /bin/sh"; echo "exit 0"; } > /tmp/conf$$.sh
>
> There is a patch here:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323

Thanks for the report. The patch may be applicable to RedHat and/or Debian.
It is not applicable in general, however: 'mktemp' is not portable, and
removing support for Woe32 platforms is undesirable as well.

Do you have a suggestion how to create temporary files in /tmp in a
secure way, even on platforms without 'mktemp' program?

Bruno
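
One common answer to the question above, as an added example that is not part of the original message or of gettext: create a private directory with `mkdir` under a restrictive umask and write the file inside it, using `mktemp -d` only where it exists. The function names and the `gt` prefix are hypothetical, and the sketch assumes a POSIX shell with POSIX permission semantics, so it does not address Woe32.

```shell
# Added example, not gettext code; function names are hypothetical.

# Create directory $1 with mode 0700; fail if the name exists in any form.
private_mkdir () {
  # mkdir is atomic and fails on an existing entry (file, directory or
  # symlink), unlike "> /tmp/conf$$.sh", which opens whatever is already
  # at that predictable path.
  (umask 077 && mkdir "$1") 2>/dev/null
}

# Print the path of a fresh private directory under ${TMPDIR:-/tmp}.
make_private_tmpdir () {
  base=${TMPDIR:-/tmp}
  # Use mktemp -d where the platform provides it ...
  if dir=`(umask 077 && mktemp -d "$base/gtXXXXXX") 2>/dev/null` &&
     test -n "$dir" && test -d "$dir"; then
    echo "$dir"
    return 0
  fi
  # ... otherwise fall back to mkdir. $RANDOM is empty in shells that
  # lack it; safety comes from mkdir failing on a collision, not from
  # the name being unpredictable.
  dir=$base/gt$$-$RANDOM
  private_mkdir "$dir" || return 1
  echo "$dir"
}

# Write the stub script from the report inside the private directory
# and print the directory's path; the caller removes it when done.
write_stub () {
  tmp=`make_private_tmpdir` || { echo "cannot create temp dir" >&2; return 1; }
  { echo "#! /bin/sh"; echo "exit 0"; } > "$tmp/conf.sh"
  echo "$tmp"
}
```

If the fallback `mkdir` fails, the script should stop rather than retry with the same name or reuse the existing path.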