Nikolai Weibull wrote:
> On Sun, Jul 20, 2008 at 16:01, Bram Moolenaar <[EMAIL PROTECTED]> wrote: > > > Jan Minar wrote: > > >> The configure can just use a fixed file name in the current directory. > >> > >> Anyway, I have adapted some code from src/auto/configure that will > >> work on systems without mktemp(1) -- patch attached. > > > There probably is a small security hole in this as well. A targeted > > symlink attack might work. mktemp() is suppose to use a special open() > > call that avoids symlinks and creates the file in a way it can't be > > interrupted. I think it's better to rely on mktemp for that reason. > > It's not something you can do in a shell. > > The pipe solution still exists and is secure. According to the POSIX > standard, "make -f -" should make make process standard input: > > http://www.opengroup.org/onlinepubs/009695399/utilities/make.html There are make programs that were written before POSIX. I don't think they should break the configure script. -- Eight Megabytes And Continually Swapping. /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org /// --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---
