Re: LYNX-DEV Improvement on /tmp code fix?
From: T.E.Dickey
Subject: Re: LYNX-DEV Improvement on /tmp code fix?
Date: Sat, 12 Jul 1997 19:04:44 -0400 (EDT)

> I finally got around to looking at fotemods/src/LYUtils.c:tempname()
> and it looks like there's still quite a window of opportunity for
> people to exploit a nasty race condition (i.e. they can make the
> symlinks after tempname() does its checks but before the file is
> created, in another process).
>
> I made a diff which uses open(filename, O_CREAT|O_EXCL|O_RDWR, 0600)
> which means that tempname() creates the file mode 0600 when it's

not all systems support 3-parameter 'open()' - probably not a lot anymore,
but they exist - and some of them are prototyped (I remember being bitten
by that). we'll have to work around this at some point - though I agree
in principle with what you're suggesting, the details aren't right yet.

> That code will need an #ifdef for UNIX-only. I'm not sure what the
> portability of fopen -> open will be. If setting the mode to 0600

use fdopen - it's reasonably portable, and fills the gap that you're leaving.

--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
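
The approach discussed in this message (exclusive creation with 3-parameter open(), then fdopen() to get a stdio stream), as an added example that is not part of the original post and is not Lynx's tempname(). The helper names and the demo_ file names are hypothetical, and a POSIX system is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create `path` exclusively with mode 0600 and wrap the
 * descriptor in a stdio stream. Returns NULL with errno set on failure. */
FILE *create_private_temp(const char *path)
{
    /* O_CREAT|O_EXCL makes "does it exist?" and "create it" one atomic step,
     * and fails with EEXIST if the name is taken, even by a dangling symlink. */
    int fd = open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w+");   /* stdio stream on the same descriptor */
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
    }
    return fp;
}

/* Constructed scenario: a symlink already sits at the temp name.
 * Returns 1 if creation was refused and the link target was never created. */
int symlink_is_refused(const char *dir)
{
    char link_path[512], target[512];
    struct stat st;
    snprintf(link_path, sizeof link_path, "%s/demo_tmp_%ld", dir, (long)getpid());
    snprintf(target, sizeof target, "%s/demo_victim_%ld", dir, (long)getpid());
    if (symlink(target, link_path) != 0)
        return -1;
    FILE *fp = create_private_temp(link_path);
    int refused = (fp == NULL && errno == EEXIST);
    int target_absent = (stat(target, &st) != 0);
    if (fp) fclose(fp);
    unlink(link_path); unlink(target);
    return refused && target_absent;
}

int main(void)
{
    printf("symlink refused: %d\n", symlink_is_refused("/tmp"));
    return 0;
}
```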