[nas] Compiler warnings

Steve McIntyre stevem at chiark.greenend.org.uk
Wed Dec 13 01:00:44 MST 2000


On Tue, Dec 12, 2000 at 09:20:11PM -0700, Jon Trulson wrote:
>On Mon, 11 Dec 2000, Steve McIntyre wrote:
>
>> clients/audio/auconvert/auconvert.c:
>> clients/audio/auedit/auedit.c:
>>     warnings about mktemp(3) safety. The suggestion is to use mkstemp()
>>     instead; I think I've done the right thing - comments please.
>
>	With these, I added an Architecture check in the Imakefile, to
>enable '-DHAS_MKSTEMP' for fbsd and linux.  My lowly UW2 box only supports
>it in the ucb library, which I try to avoid...  This would be ideal for
>autoconf someday... ;-)

In case it's not obvious, using mktemp here _is_ a security hole that
is relatively easy to exploit via a simple symlink race. Don't run
this stuff if you have malicious users on your system. It's possibly
worth adding a local mkstemp()-like routine for the systems that don't
have one.

[ Others added ] 

Thanks.

-- 
Steve McIntyre, Cambridge, UK.                   stevem at chiark.greenend.org.uk
  Getting a SCSI chain working is perfectly simple if you remember that there
  must be exactly three terminations: one on one end of the cable, one on the
  far end, and the goat, terminated over the SCSI chain with a silver-handled
  knife whilst burning *black* candles. --- Anthony DeBoer
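
The local mkstemp()-like routine suggested in the message above, as an added example; it is not code from the NAS sources or from either poster. The name `local_mkstemp`, the helper `fill_random` and the use of `/dev/urandom` are assumptions. It could be compiled on platforms where the Imakefile does not set `-DHAS_MKSTEMP`.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Fill 6 bytes from /dev/urandom; fall back to a weak pid/time mix.
 * Name secrecy only limits collisions; safety comes from O_EXCL below. */
static void fill_random(unsigned char *buf)
{
    static unsigned long counter;
    unsigned long v = (unsigned long)getpid() ^ (unsigned long)time(NULL) ^ ++counter;
    int i, fd = open("/dev/urandom", O_RDONLY);
    ssize_t got = (fd >= 0) ? read(fd, buf, 6) : -1;
    if (fd >= 0)
        close(fd);
    for (i = 0; got != 6 && i < 6; i++) {
        v = v * 1103515245UL + 12345UL;
        buf[i] = (unsigned char)(v >> 16);
    }
}

/* Hypothetical fallback (added example, not part of NAS).
 * Replaces the trailing "XXXXXX" in tmpl and creates the file atomically.
 * Returns an open read/write descriptor, or -1 with errno set. */
int local_mkstemp(char *tmpl)
{
    static const char set[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    unsigned char rnd[6];
    size_t len = strlen(tmpl);
    int attempt, i, fd;
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) {
        errno = EINVAL;
        return -1;
    }
    for (attempt = 0; attempt < 100; attempt++) {
        fill_random(rnd);
        for (i = 0; i < 6; i++)
            tmpl[len - 6 + i] = set[rnd[i] % 62];
        /* O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks
         * included, so a link planted at that name is never followed. */
        fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    return -1; /* every candidate name existed; errno is EEXIST */
}
```

Callers keep using the returned descriptor rather than reopening the file by name, which is what closes the window that mktemp() followed by open() leaves.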


