oss-sec mailing list archives
Re: CVE id request: mktemp
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 18 Aug 2008 13:36:43 +0200
Hi Sebastian, * Sebastian Krahmer <krahmer () suse de> [2008-08-18 13:25]:
BTW, mktemp(1) is using O_EXCL anyway, so I dont see an issue. Additionally all of our scripts use more than 6 X' as also shown in the example section of the manpage. We are not going to release updates for this non-issue.
This is known but as I wrote in the bug report: "the file is safely created with O_EXCL and 0600, still unsafe if used with -u" Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: mktemp Nico Golde (Aug 15)
- Re: CVE id request: mktemp Todd C. Miller (Aug 15)
- Re: CVE id request: mktemp Sebastian Krahmer (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Steven M. Christey (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)
- Re: CVE id request: mktemp Todd C. Miller (Aug 18)
- Re: CVE id request: mktemp Nico Golde (Aug 18)