Robert C. Seacord [EMAIL PROTECTED] wrote:
I've seen advice here and there to use the mkdtemp() function to create
temporary directories, for example:
...
- David Wheeler's Secure Programming for Linux and Unix HOWTO at
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
David,
Thanks for the explanation of mkdtemp(). I got confused reading the man
page because I wasn't expecting the function to return char *, but I
guess that makes sense.
I wish that the C standard body would update the C library and add
an exclusive create capability for fopen(), so that
At 8:45 AM -0500 12/30/06, Leichter, Jerry wrote:
[MJoderator: This is likely beyond the point of general interest to sc-l]
Actually, I disagree, in that it seems to expose a set of vulnerabilities
not known even to language implementors.
On Fri, 29 Dec 2006, ljknews wrote:
| But these are
[MJoderator: This is likely beyond the point of general interest to sc-l]
On Fri, 29 Dec 2006, ljknews wrote:
| Date: Fri, 29 Dec 2006 20:49:01 -0500
| From: ljknews [EMAIL PROTECTED]
| To: sc-l@securecoding.org
| Subject: Re: [SC-L] temporary directories
|
| At 6:56 PM -0500 12/29/06
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to the file (surely Unix has that, right?)
You can
At 5:11 PM +0100 12/30/06, Florian Weimer wrote:
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to
Florian Weimer:
I gather you are saying that the innards of Unix will force creation
of an unwanted directory entry on the Ada implementation of the required
null name support for packagename.CREATE . The Ada implementation
could rely on exclusive access to the file (surely Unix has that,
I've seen advice here and there to use the mkdtemp() function to create
temporary directories, for example:
- Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
recommends them
- David Wheeler's Secure Programming for Linux and Unix HOWTO at
At 6:56 PM -0500 12/29/06, Leichter, Jerry wrote:
| Not on Unix, but I tend to use temporary names based on the Process ID
| that is executing. And of course file protection prevents malevolent
| access.
|
| But for a temporary file, I will specify a file that is not in any
| directory. I