Re: CVS commit: pkgsrc/sysutils/gentoo
On Mon, Jan 26, 2009 at 10:12:43AM +0900, OBATA Akio wrote:
> > This is incorrect - you've introduced insecure-temporary-files.
> > Please put patch-ae back, and revise it to use mkstemp() instead of
> > mkdtemp(). Perhaps something like this (untested):
> patch-ae was broken, and I don't think it is so insecure
> (maybe, should pass O_EXCL to open though).
Not just maybe. It's fully insecure this way.
> If you think this issue should be fixed, please.
I don't have time to do it right, but I'll commit what I've got. If it
turns out not to work, we're no worse off than with the mkdtemp().
David A. Holland
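
The O_EXCL and mkstemp() point debated in this thread, as an added C example that is not part of the thread or of the pkgsrc patch: it opens a fixed temporary name with and without O_EXCL when a symlink already sits at that name, then creates the file with mkstemp(). The paths, file names and function names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed, guessable name. excl=0 is the insecure pattern: open() follows
 * whatever is already at `path`. excl=1 adds O_EXCL, so open() fails with
 * EEXIST if anything, including a symlink, already exists there. */
static int open_fixed_name(const char *path, int excl)
{
    return open(path, O_WRONLY | O_CREAT | (excl ? O_EXCL : 0), 0600);
}

/* Returns a bitmask: 1 = plain open wrote through a pre-existing symlink,
 * 2 = O_EXCL refused the same path, 4 = mkstemp() made a private 0600 file. */
int tempfile_demo(void)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX";          /* constructed scratch area */
    char target[64], lnk[64], tmpl[64];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/other-file", dir);
    snprintf(lnk, sizeof lnk, "%s/app.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);
    if ((fd = open(target, O_WRONLY | O_CREAT, 0600)) >= 0) close(fd);
    if (symlink(target, lnk) != 0) return -1;    /* name already taken */

    if ((fd = open_fixed_name(lnk, 0)) >= 0) {   /* no O_EXCL */
        if (write(fd, "x", 1) == 1 && stat(target, &st) == 0 && st.st_size == 1)
            result |= 1;                         /* data landed in other-file */
        close(fd);
    }
    if (open_fixed_name(lnk, 1) == -1 && errno == EEXIST)
        result |= 2;
    if ((fd = mkstemp(tmpl)) >= 0) {             /* unique name, O_EXCL inside */
        if (fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600)
            result |= 4;
        close(fd);
        unlink(tmpl);
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
```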