#10738: insecure temp file in testcc.sh, testcxx.sh
-----------------------+----------------------------------------------------
   Reporter:  vbraun   |       Owner:     
       Type:  defect   |      Status:  new
   Priority:  minor    |   Milestone:     
  Component:  scripts  |    Keywords:     
     Author:           |    Upstream:  N/A
   Reviewer:           |      Merged:     
Work_issues:           |  
-----------------------+----------------------------------------------------
Changes (by drkirkby):

 * cc: pjeremy, jdemeyer (added)


Comment:

 {{{mktemp}}} is not POSIX, so how (if at all) it is implemented on a
 platform is anyone's guess. I know it's implemented differently on Solaris
 to Linux, but it may well not exist on AIX, HP-UX or any other POSIX
 system. So let's forget about {{{mktemp}}} using such a command.

 I fail to see how one could use this script to delete a file that one
 could not delete with rm. The write would fail unless one had write access
 to the file one wished to delete.

 So unless I'm missing something, this has absolutely zero security risk.

 I've cc'ed a couple of others for their opinion.


 Dave

-- 
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/10738#comment:1>
Sage <http://www.sagemath.org>
Sage: Creating a Viable Open Source Alternative to Magma, Maple, Mathematica, 
and MATLAB
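
The portability constraint raised in the comment above (mktemp is not available on every POSIX system) can be met with mkdir, which POSIX does specify and which fails when the name already exists. This is an added example, not code from the ticket or from Sage's scripts; the function names and the "probe" prefix are hypothetical.

```shell
#!/bin/sh
# Added example: private scratch directory with POSIX utilities only (no mktemp).
# Function names and the "probe" prefix are hypothetical.

# make_private_tmpdir PREFIX
# Prints the path of a newly created mode-0700 directory; returns 1 on failure.
make_private_tmpdir() {
    mp_base=${TMPDIR:-/tmp}
    mp_n=0
    while [ "$mp_n" -lt 100 ]; do
        mp_dir="$mp_base/$1.$$.$mp_n"
        # mkdir fails if the name exists in any form (file, directory,
        # symlink), so an entry planted by another user is never reused.
        # The subshell keeps the umask change from leaking to the caller.
        if (umask 077 && mkdir "$mp_dir") 2>/dev/null; then
            printf '%s\n' "$mp_dir"
            return 0
        fi
        mp_n=$((mp_n + 1))
    done
    return 1
}

# with_private_tmpdir PREFIX COMMAND [ARGS...]
# Runs COMMAND with the scratch directory as its last argument, removes the
# directory afterwards and returns COMMAND's exit status.
with_private_tmpdir() {
    wp_prefix=$1
    shift
    wp_dir=$(make_private_tmpdir "$wp_prefix") || return 1
    "$@" "$wp_dir"
    wp_status=$?
    rm -rf "$wp_dir"
    return "$wp_status"
}

# Demo: list the (empty) scratch directory when run as a script.
# with_private_tmpdir probe ls -la
```

Files written inside the returned directory are reachable only by the owning user, so their names do not need to be unpredictable.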
