On 02/10/2015 06:37 PM, Rich Felker wrote:
On Tue, Feb 10, 2015 at 01:47:01AM -0600, Rob Landley wrote:
rapidly respond to arbitrary file creation ala inotify, we're toast. So
the attack vector would be... saturating the namespace with symlinks?
(It'd be really nice if O_NOFOLLOW was more
On Tue, Feb 10, 2015 at 01:47:01AM -0600, Rob Landley wrote:
sort-of speaking of which... i didn't include this before since it
wasn't really a bug fix but do you think we should use more
randomness? 6 Xes is the minimum you're allowed to pass to the C
library, and the desktop mktemp(1)
On 02/09/2015 06:36 PM, enh wrote:
On Sat, Feb 7, 2015 at 6:02 PM, Rob Landley r...@landley.net wrote:
On 02/07/2015 12:04 PM, enh wrote:
So if we _do_ have tmpdir+template combining to be bigger than the old
PATH_MAX, we silently truncate. That seems more like a throw an error
situation...
Use $TMPDIR if set (necessary on Android, where there is no /tmp).
Include full template in error messages.
Don't report success on failure with -q.
Avoid unnecessary allocation.
Fix xx versus XX confusion.
diff --git a/toys/lsb/mktemp.c b/toys/lsb/mktemp.c
index c1175fe..52e53ee 100644
On 02/07/2015 12:04 PM, enh wrote:
Use $TMPDIR if set (necessary on Android, where there is no /tmp).
Include full template in error messages.
Don't report success on failure with -q.
Avoid unnecessary allocation.
Fix xx versus XX confusion.
Apparently I'm not capable of consistently