On Thu, Nov 23, 2000 at 05:50:06PM -0500, Daniel Burrows wrote:
> On Thu, Nov 23, 2000 at 06:35:54PM -0400, Peter Cordes <[EMAIL PROTECTED]> was heard to say:
> > > ghostscript uses temporary files to do some of its work. Unfortunately
> > > the method used to create those files wasn't secure: mktemp was used
> > > to create a name for a temporary file, but the file was not opened
> > > safely.
> >
> > There seems to be a lot of this going on. Is it possible to modify glibc
> > so that it flags dangerous actions with stuff in /tmp?
>
> When I link aptitude, I get a warning about "mktemp is insecure and
> should not be used". (ObImNotACompleteIdiot: aptitude creates temporary files
> in a 600 subdirectory of the user's $HOME, which as far as I know should be
> fairly secure -- please tell me if I'm wrong!)
>
> So I think something like this is already done somewhere.

Yeah, that's at link time. gcc (or ld I guess) warns about gets(), too. I was thinking a runtime check would be useful, since then you could actually check whether the argument was a private directory or a publicly-writeable one like /tmp, and be fairly sure you weren't seeing false alarms.

-- 
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack my day
so wretchedly into small pieces!" -- Plautus, 200 BCE
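
Added example, not part of the original thread and not glibc code: a sketch of the runtime check discussed above, classifying the directory a temp-file template points into, followed by creation with mkstemp(). The names tmpdir_is_shared and classify_scratch_dir are hypothetical, and treating "group/other-writable or not owned by the effective UID" as "shared" is an assumption of this sketch.

```c
/* Added example: runtime check of the directory behind a temp-file template. */
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if other users can create entries in the directory
 * holding `path` (or own it), 0 if it is private to us, -1 on error. */
int tmpdir_is_shared(const char *path)
{
    char buf[PATH_MAX];
    struct stat st;

    if (strlen(path) >= sizeof buf)
        return -1;
    strcpy(buf, path);                 /* dirname() may modify its argument */
    if (stat(dirname(buf), &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 1;                      /* /tmp-style: others can plant names */
    return st.st_uid != geteuid();     /* private only if we own it */
}

/* Constructed demo: make a scratch directory, chmod it, classify it. */
int classify_scratch_dir(mode_t mode)
{
    char dir[] = "./tmpchk-XXXXXX", file[64];
    int fd, shared;

    if (mkdtemp(dir) == NULL || chmod(dir, mode) != 0)
        return -1;
    snprintf(file, sizeof file, "%s/workXXXXXX", dir);
    shared = tmpdir_is_shared(file);
    fd = mkstemp(file);                /* O_CREAT|O_EXCL, mode 0600 */
    if (fd >= 0) { close(fd); unlink(file); }
    rmdir(dir);
    return fd < 0 ? -1 : shared;
}

int main(void)
{
    printf("0700 -> %d, 1777 -> %d\n",
           classify_scratch_dir(0700), classify_scratch_dir(01777));
    return 0;
}
```

A checker like this only reports where the name lands; the mkstemp() call is what removes the gap between choosing the name and opening the file.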

