Re: [SC-L] temporary directories

2007-01-03 Thread David A. Wheeler
Robert C. Seacord [EMAIL PROTECTED] wrote: I've seen advice here and there to use the mkdtemp() function to create temporary directories, for example: ... - David Wheeler's Secure Programming for Linux and Unix HOWTO at http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

Re: [SC-L] temporary directories

2007-01-03 Thread Robert C. Seacord
David, Thanks for the explanation of mkdtemp(). I got confused reading the man page because I wasn't expecting the function to return char *, but I guess that makes sense. I wish that the C standard body would update the C library and add an exclusive create capability for fopen(), so that

Re: [SC-L] Building Security In vs Auditing

2007-01-03 Thread McGovern, James F (HTSC, IT)
Gary, I would love a little refinement of the benefits to badnessometers. Let's say I get a tool to tell me something I already suspect is wrong, what percentage of the population are better than they expected? The reason why I ask this question is that in our culture if I have a sense