bug-gnu-utils

Re: Bug#278283: insecure temporary file usage in gettextize and autopoin


From: Bruno Haible
Subject: Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)
Date: Tue, 26 Oct 2004 14:41:33 +0200
User-agent: KMail/1.5

Joey Hess wrote:
> CAN-2004-0966 describes some insecure uses of temporary files by
> autopoint and gettextize. We seem to be vulnerable, it's stupidity like
> this:
>
>         { echo "#! /bin/sh"; echo "exit 0"; } > /tmp/conf$$.sh
>
> There is a patch here:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136323

Thanks for the report. The patch may be applicable to RedHat and/or Debian.
It is not applicable in general, however: 'mktemp' is not portable, and
removing support for Woe32 platforms is undesirable as well.

Do you have a suggestion how to create temporary files in /tmp in a
secure way, even on platforms without 'mktemp' program?

Bruno
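
One portable answer to the question above, as an added example that is not part of the original thread and not gettext's own code: create a private directory with `mkdir` under `umask 077` and write the file inside it, using `mktemp -d` only where it is available. It assumes a POSIX shell; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not gettext's code). Function names are hypothetical.

# Fallback for systems without mktemp: mkdir fails if the name already
# exists, even as a dangling symlink, so success means a fresh directory
# that only we can enter (umask 077 -> mode 0700). Predictable names let
# another user block us (we give up after 10 tries) but not redirect us.
mkdir_private_tmpdir() {
    prefix=${1:-tmp}
    base=${TMPDIR:-/tmp}
    n=0
    while [ "$n" -lt 10 ]; do
        dir=$base/$prefix.$$.$n
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Prefer mktemp -d where it exists; otherwise use the mkdir fallback.
private_tmpdir() {
    prefix=${1:-tmp}
    base=${TMPDIR:-/tmp}
    dir=$( (umask 077 && mktemp -d "$base/$prefix.XXXXXX") 2>/dev/null ) || dir=
    if [ -n "$dir" ] && [ -d "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi
    mkdir_private_tmpdir "$prefix"
}

# Usage: the probe script from the report, written inside the private dir.
tmp=$(private_tmpdir conf) || { echo "cannot create temp dir" >&2; exit 1; }
trap 'rm -rf "$tmp"' 0
{ echo "#! /bin/sh"; echo "exit 0"; } > "$tmp/conf.sh"
```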




