warnings on compile

Kenichi Okuyama okuyamak at dd.iij4u.or.jp
Mon Dec 18 01:54:20 GMT 2000


Andrew,

Can you explain more deeply about this? I don't seem to understand
what you're saying.


>>>>> "AT" == Andrew Tridgell <tridge at linuxcare.com> writes:
AT> We continue to use mktemp() because the alternatives are worse.
AT> If we switched to using something based on mkstemp() then we would
AT> actually open up a security hole! That is because some platforms open
AT> the file in mkstemp() with permissions of 0666, which allows an
AT> attacker to modify the file contents. That's why recent Linux man
AT> pages recommend NOT using mkstemp() and instead using tmpfile().

There seems to be another selection: make our own mkstemp/tmpfile or
whatever. I don't think it's a good idea to use stdlib's mkstemp()
either, but I don't think it's a good idea to use mktemp() as well, and
also, not having a mkstemp()-type function that hides every messy
thing we have to deal with for temporary files seems a bad idea
to me as well.


As far as I can understand, mkstemp() of stdlib does not meet our
request for two reasons (not just one).

1) mkstemp() sometimes creates a file with a name that is not appropriate for us.
   We have no way to control which characters will be used for
   creating the temporary filename.
2) mkstemp() creates a temporary file with permissions of 0666.

Doesn't this simply mean that we need a mkstemp() of our own?  We
need both a filename generator that only uses the characters we
require, and a 'mode' parameter, don't we?
# And according to what I understand so far, creating mkstemp()
# is QUITE easy, if we have a good enough random generator.
# And I believe we already do, don't we?

Why do you stick to using mktemp()? I mean, mktemp() doesn't meet
reason 1) anyway, so why try to use it?
---- 
Kenichi Okuyama at Tokyo Research Lab, IBM-Japan, Co.
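One way to build the in-house mkstemp() the post asks for, with a caller-chosen character set and an explicit mode. This is an added illustration, not code from Samba or from the poster; it assumes a constructed character set and reads /dev/urandom in place of the project's own random generator.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Characters the caller is willing to see in a temporary file name
 * (a constructed example set; a real project picks its own). */
static const char safe_chars[] = "abcdefghijklmnopqrstuvwxyz0123456789";

/* Overwrite the trailing run of 'X' in tmpl with random characters drawn only
 * from safe_chars. Uses /dev/urandom here; substitute the project's generator. */
static int fill_template(char *tmpl)
{
    size_t len = strlen(tmpl), start = len;
    unsigned char rnd[64];
    while (start > 0 && tmpl[start - 1] == 'X')
        start--;
    if (len - start == 0 || len - start > sizeof(rnd))
        return -1;                      /* no X run, or too long to fill */
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t got = read(fd, rnd, len - start);
    close(fd);
    if (got != (ssize_t)(len - start))
        return -1;
    for (size_t i = start; i < len; i++)
        tmpl[i] = safe_chars[rnd[i - start] % (sizeof(safe_chars) - 1)];
    return 0;
}

/* mkstemp() replacement taking the mode from the caller. O_CREAT|O_EXCL makes
 * the open fail instead of reusing a pre-planted file or symlink, and the
 * explicit mode (e.g. 0600) avoids the 0666 default some platforms apply.
 * Returns an open descriptor, or -1 on failure. */
int safe_mkstemp(char *tmpl, mode_t mode)
{
    for (int attempt = 0; attempt < 100; attempt++) {
        if (fill_template(tmpl) != 0)
            return -1;
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, mode);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;                  /* only a name collision is retried */
    }
    return -1;
}
```

The umask still applies on top of the requested mode, so 0600 is the safe choice regardless of the caller's environment.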



