Re: [SC-L] temporary directories

2007-01-03 Thread David A. Wheeler
Robert C. Seacord [EMAIL PROTECTED] wrote: I've seen advice here and there to use the mkdtemp() function to create temporary directories, for example: ... - David Wheeler's Secure Programming for Linux and Unix HOWTO at http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

Re: [SC-L] temporary directories

2007-01-03 Thread Robert C. Seacord
David, Thanks for the explanation of mkdtemp(). I got confused reading the man page because I wasn't expecting the function to return char *, but I guess that makes sense. I wish that the C standard body would update the C library and add an exclusive create capability for fopen(), so that

Re: [SC-L] temporary directories

2007-01-02 Thread ljknews
At 8:45 AM -0500 12/30/06, Leichter, Jerry wrote: [MJoderator: This is likely beyond the point of general interest to sc-l] Actually, I disagree, in that it seems to expose a set of vulnerabilities not known even to language implementors. On Fri, 29 Dec 2006, ljknews wrote: | But these are

Re: [SC-L] temporary directories

2007-01-02 Thread Leichter, Jerry
[MJoderator: This is likely beyond the point of general interest to sc-l] On Fri, 29 Dec 2006, ljknews wrote: | Date: Fri, 29 Dec 2006 20:49:01 -0500 | From: ljknews [EMAIL PROTECTED] | To: sc-l@securecoding.org | Subject: Re: [SC-L] temporary directories | | At 6:56 PM -0500 12/29/06

Re: [SC-L] temporary directories

2007-01-02 Thread Florian Weimer
I gather you are saying that the innards of Unix will force creation of an unwanted directory entry on the Ada implementation of the required null name support for packagename.CREATE . The Ada implementation could rely on exclusive access to the file (surely Unix has that, right?) You can

Re: [SC-L] temporary directories

2007-01-02 Thread ljknews
At 5:11 PM +0100 12/30/06, Florian Weimer wrote: I gather you are saying that the innards of Unix will force creation of an unwanted directory entry on the Ada implementation of the required null name support for packagename.CREATE . The Ada implementation could rely on exclusive access to

Re: [SC-L] temporary directories

2007-01-02 Thread Wietse Venema
Florian Weimer: I gather you are saying that the innards of Unix will force creation of an unwanted directory entry on the Ada implementation of the required null name support for packagename.CREATE . The Ada implementation could rely on exclusive access to the file (surely Unix has that,

[SC-L] temporary directories

2006-12-29 Thread Robert C. Seacord
I've seen advice here and there to use the mkdtemp() function to create temporary directories, for example: - Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3 recommends them - David Wheeler's Secure Programming for Linux and Unix HOWTO at

Re: [SC-L] temporary directories

2006-12-29 Thread ljknews
At 6:56 PM -0500 12/29/06, Leichter, Jerry wrote: | Not on Unix, but I tend to use temporary names based on the Process ID | that is executing. And of course file protection prevents malevolent | access. | | But for a temporary file, I will specify a file that is not in any | directory. I