Bugtraq mailing list archives
Re: Insecure use of file in /tmp by trn
From: bluca () COMEDIA IT (Luca Berra)
Date: Mon, 30 Aug 1999 11:42:00 +0200
On Sat, Aug 28, 1999 at 12:44:19AM -0600, Theo de Raadt wrote:
Funny how the man page does not say that this is derived from OpenBSD. I'll include the new man page down below to show how we have improved both the program and the manual page since. It's also good for people to actually know what the flags mean.
.....
SYNOPSIS mktemp [-d] [-q] [-u] template
...
SEE ALSO mkdtemp(3), mkstemp(3), mktemp(3)
Dunno for debian, redhat includes the openbsd mktemp with the -d option disabled since Linux libc5 and gnu libc2 don't have the mkdtemp() call. i dunno why, it is trivial. besides that glibc2.0.7 has a buggy mktemp() which returns a pointer to "\0" instead of NULL when it fails besides that glibc2.1 changed the mk(s)temp function so the generated filename does not anymore use the pid name with an unique letter :(, dinna check the source for the return value. older glibc had problems with permission of files created with mkstemp() for these reason i wrote a mktemp(1) replacement that does not call libc, if someone is interseted check http://www.comedia.it/bluca/mktemp.c i won't waste bandwith posting a man page (er. actually i am too lazy to write one) regards, Luca -- Luca Berra -- bluca () comedia it Communications Media & Services S.r.l.
Current thread:
- Re: Insecure use of file in /tmp by trn Rogier Wolff (Aug 22)
- Re: Insecure use of file in /tmp by trn Martin Schulze (Aug 23)
- <Possible follow-ups>
- Re: Insecure use of file in /tmp by trn Richard Kettlewell (Aug 23)
- Re: Insecure use of file in /tmp by trn Ben Pfaff (Aug 24)
- Re: Insecure use of file in /tmp by trn Theo de Raadt (Aug 27)
- Re: Insecure use of file in /tmp by trn Martin Schulze (Aug 29)
- WU-FTPD Security Update Thomas Biege (Aug 29)
- Re: Insecure use of file in /tmp by trn Luca Berra (Aug 30)
- Re: Insecure use of file in /tmp by trn Shuman (Aug 28)
- Re: Insecure use of file in /tmp by trn Todd C. Miller (Aug 30)
- Re: Insecure use of file in /tmp by trn Rogier Wolff (Aug 28)
- Vixie Cron version 3.0pl1 vulnerable to root exploit Martin Schulze (Aug 28)
- Re: Insecure use of file in /tmp by trn Theo de Raadt (Aug 27)