On Sun, Nov 21, 2010 at 12:53:43PM +0000, Alexander Lamaison wrote: > On 21 November 2010 12:44, Ben Kibbey <[email protected]> wrote: > > > > I get a warning during linking about tempnam(3) being insecure. Heres a > > a patch to write the knownhosts to an already open file stream (which I > > create with tmpfile(3). > > Passing a FILE* across an API call is a really bad idea. Unless > you're linking statically, this can corrupt the C-runtime memory as > you're passing an object owned by one runtime instance to another. > Although there are a couple of calls in libssh2 that still do this, > we're trying to get rid of them.
Is it only the FILE* structure? What about the file descriptor of the opened stream obtained from fileno(3)? Is that safe? -- Ben Kibbey [XMPP: bjk AT thiessen DOT im] - [IRC: (bjk) FreeNode/OFTC] _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
