On Mon, 29 Dec 2008, Thomas Viehmann wrote:
> Never use mktemp().
Args - I've read this and intended to use in both cases mkstemp - but then just forgot this. I think just for reading files mktemp is fine. The rationale is that I do not really want to rewrite the reading routine which opens the file to read. The mkstemp function also opens the file and returns a handle - which is just very different from the current code. I committed a hopefully better patch (where mkstemp is used for writing a file).
> (This is what I meant with my comment to think about securely created filenames instead of files, you need to use mk*s*temp which has different semantics).
At least I had the good idea to ask for cross checking ...
> The killing part is also still somewhat wrong, IMO you want something along the lines of
>   x=$(stat -c '%u %f' x) ; [ "${x%???}" == "$UID 8" ] || echo fail
> to test whether it's a regular file that you own (though there is bound to be a prettier way to verify that, even if [ -f ... ] is not part of it).
Do you think that this is definitely needed to avoid any security problem in this specific case?

Kind regards

      Andreas.

-- 
http://fam-tille.de
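The two points raised in this thread, as an added Python sketch that is not code from the thread or from the package under discussion: mkstemp creates and opens the file in one step and returns a handle plus the name, and the ownership test mirrors the quoted stat one-liner. The function names, the "example-" prefix and the use of Python's tempfile module are assumptions made for illustration.

```python
import os
import stat
import tempfile


def write_private_temp(data: bytes, directory: str) -> str:
    """Create a temp file and write to it; return its path (hypothetical helper)."""
    # mkstemp opens the file with O_CREAT|O_EXCL and mode 0600, so the name
    # cannot be pre-created or replaced by a symlink between "pick a name"
    # and "open it". That gap is exactly what mktemp() leaves open.
    fd, path = tempfile.mkstemp(prefix="example-", dir=directory)
    with os.fdopen(fd, "wb") as handle:  # reuse the descriptor, do not reopen by name
        handle.write(data)
    return path


def is_own_regular_file(path: str) -> bool:
    """Same test as the stat one-liner: a regular file owned by our UID."""
    try:
        # lstat does not follow symlinks, matching stat(1) without -L.
        info = os.lstat(path)
    except FileNotFoundError:
        return False
    # os.getuid() is the real UID, which is what bash exposes as $UID.
    return stat.S_ISREG(info.st_mode) and info.st_uid == os.getuid()


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()  # constructed scratch directory for the demo
    created = write_private_temp(b"payload\n", workdir)
    link = os.path.join(workdir, "link")
    os.symlink(created, link)
    for candidate in (created, link, workdir):
        print(candidate, is_own_regular_file(candidate))
```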