Warnings under OpenBSD
Andrew Tridgell
tridge at samba.org
Wed Jun 9 00:14:56 GMT 1999
> > unfortunately these sort of "dumb programmer detection" systems don't
> > detect when someone is using a oft-abused function correctly, so they
> > spit out warnings, which means our mailboxes fill up with people
> > telling us that we have a security hole.
>
> Now, now. I just asked for comments. ;)
oh, I didn't mean your email, I don't mind people like you asking
about stuff like this, what I was referring to was all the emails
telling me "samba has a security hole because it uses mktemp()".
> ...and OpenBSD does the opposite. I'd be interested to know what
> "doesn't work correctly" regarding setreguid(). I'll ask (and then
> immediately duck for cover).
ok. the main thing to find out is if it is a problem on other
platforms too, in which case we might switch to using setegid() by
default again.
Cheers, Tridge
More information about the samba-technical
mailing list