Andrew Josey wrote:
> There is a POSIX interpretation which said the requirement stands.
> If i recall correctly, UnixWare implementated a strategy
> that meets both the specification and the security requirement.
Looking at the tmpfile() code in UnixWare, I don't see anything
special here, but then maybe we're talking about two different
issues. I was assuming that the issue (since I don't read the
code for glibc) is the test which uses fstat() to look at the
st_mode of the underlying file descriptor for the stream returned
by tmpfile(). The relevant part of the UnixWare tmpfile.c is
if ((fd = open(tfname, O_CREAT | O_EXCL | O_RDWR, 0)) == 0)
return 0;
unlink(tfname);
return fdopen(fd, "w+");
So, maybe UnixWare just is no longer Unix '95 conformant? It's
not like we're going to reopen a (small but real) security hole
by changing the mode passed to the above open() just to pass a
test suite, if I can help it.
--
Dave Prosser [EMAIL PROTECTED] (908)790-2358 Caldera, Murray Hill, NJ
