David,
Thanks for the explanation of mkdtemp(). I got confused reading the man
page because I wasn't expecting the function to return char *, but I
guess that makes sense.
> I wish that the C standard body would update the C library and add
> an "exclusive create" capability for fopen(), so that
"Robert C. Seacord" <[EMAIL PROTECTED]> wrote:
> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
...
> - David Wheeler's Secure Programming for Linux and Unix HOWTO at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
Florian Weimer:
> > I gather you are saying that the innards of Unix will force creation
> > of an unwanted directory entry on the Ada implementation of the required
> > null name support for .CREATE . The Ada implementation
> > could rely on exclusive access to the file (surely Unix has that, rig
At 5:11 PM +0100 12/30/06, Florian Weimer wrote:
>> I gather you are saying that the innards of Unix will force creation
>> of an unwanted directory entry on the Ada implementation of the required
>> null name support for .CREATE . The Ada implementation
>> could rely on exclusive access to the f
> I gather you are saying that the innards of Unix will force creation
> of an unwanted directory entry on the Ada implementation of the required
> null name support for .CREATE . The Ada implementation
> could rely on exclusive access to the file (surely Unix has that, right?)
You can create fil
[MJoderator: This is likely beyond the point of general interest to sc-l]
On Fri, 29 Dec 2006, ljknews wrote:
| Date: Fri, 29 Dec 2006 20:49:01 -0500
| From: ljknews <[EMAIL PROTECTED]>
| To: sc-l@securecoding.org
| Subject: Re: [SC-L] temporary directories
|
| At 6:56 PM -0500 12
At 8:45 AM -0500 12/30/06, Leichter, Jerry wrote:
> [MJoderator: This is likely beyond the point of general interest to sc-l]
Actually, I disagree, in that it seems to expose a set of vulnerabilities
not known even to language implementors.
> On Fri, 29 Dec 2006, ljknews wrote:
> | But these a
>> But for a temporary file, I will specify a file that is not in any
>> directory. I presume there is such a capbility in Unix.
> You presume incorrectly.
Yes and no.
Unix does have files that do not have names in any directory. What it
does not have is creation of such files without the exist
Friday, December 29, 2006 18:56
Subject: Re: [SC-L] temporary directories
| Not on Unix, but I tend to use temporary names based on the Process ID
| that is executing. And of course file protection prevents malevolent
| access.
|
| But for a temporary file, I will specify
| Not on Unix, but I tend to use temporary names based on the Process ID
| that is executing. And of course file protection prevents malevolent
| access.
|
| But for a temporary file, I will specify a file that is not in any
| directory. I presume there is such a capbility in Unix.
You presume i
At 6:56 PM -0500 12/29/06, Leichter, Jerry wrote:
> | Not on Unix, but I tend to use temporary names based on the Process ID
> | that is executing. And of course file protection prevents malevolent
> | access.
> |
> | But for a temporary file, I will specify a file that is not in any
> | director
At 1:41 PM -0500 12/29/06, Robert C. Seacord wrote:
> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
>
> - Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
> recommends them
>
> - David Wheeler's Secure Programming for L
I've seen advice here and there to use the mkdtemp() function to create
temporary directories, for example:
- Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
recommends them
- David Wheeler's Secure Programming for Linux and Unix HOWTO at
http://www.dwheeler.com/secure-programs/Se
13 matches
Mail list logo
