pkgsrc-Changes archive


Re: CVS commit: pkgsrc/sysutils/gentoo



On Mon, Jan 26, 2009 at 07:31:14PM +0900, OBATA Akio wrote:
 > > > > This is incorrect - you've introduced insecure-temporary-files.
 > > > >
 > > > > Please put patch-ae back, and revise it to use mkstemp() instead of
 > > > > mkdtemp(). Perhaps something like this (untested):
 > > >
 > > > patch-ae was broken, and I don't think it is so insecure
 > > > (maybe, should pass O_EXCL to open though).
 > >
 > > Not just maybe. It's fully insecure this way.
 > >
 > >  > If you think this issue should be fixed, please.
 > >
 > > I don't have time to do it right, but I'll commit what I've got. If it
 > > turns out not to work, we're no worse off than with the mkdtemp().
 > 
 > Just reported to upstream:
 > https://sourceforge.net/tracker/?func=detail&atid=406763&aid=2537314&group_id=32880

Thanks.

(I just stuck this url in the patch file.)

-- 
David A. Holland
dholland%netbsd.org@localhost
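
The O_EXCL and mkstemp() points argued in the quoted thread, as an added C example that is not part of the original message or of the pkgsrc patch. The scratch directory and file names are constructed, and the functions are hypothetical helpers for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *scratch(void)
{
    static char dir[] = "/tmp/tmpdemo.XXXXXX"; /* constructed; stands in for /tmp */
    static int made;
    if (!made++ && !mkdtemp(dir)) { perror("mkdtemp"); exit(1); }
    return dir;
}

/* A symlink already sits at the predictable name. 1 = write reached its target. */
int open_follows_planted_link(int extra_flags)
{
    char name[64], target[64];
    struct stat st;
    snprintf(name, sizeof name, "%s/app.tmp", scratch());
    snprintf(target, sizeof target, "%s/target", scratch());
    if (symlink(target, name) != 0) { perror("symlink"); exit(1); }
    int fd = open(name, O_WRONLY | O_CREAT | extra_flags, 0600);
    if (fd >= 0) { if (write(fd, "data", 4) != 4) perror("write"); close(fd); }
    int hit = stat(target, &st) == 0 && st.st_size == 4;
    unlink(name); unlink(target);
    return hit;
}

/* mkstemp() picks the name and creates it exclusively. 1 = fresh, owner-only file. */
int mkstemp_is_private(void)
{
    char tmpl[64];
    struct stat st;
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", scratch());
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    close(fd); unlink(tmpl);
    return ok;
}

int main(void)
{
    printf("O_CREAT: %d  O_CREAT|O_EXCL: %d  mkstemp private: %d\n",
           open_follows_planted_link(0), open_follows_planted_link(O_EXCL),
           mkstemp_is_private());
    rmdir(scratch());
    return 0;
}
```

Without O_EXCL the write lands in whatever the pre-existing link points at; with O_EXCL the open fails with EEXIST, and mkstemp() avoids the predictable name altogether.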

