oss-sec mailing list archives

Re: CVE id request: mktemp


From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Mon, 18 Aug 2008 07:47:53 -0400

In message <20080818085956.GB29717 () suse de>
        so spake Sebastian Krahmer (krahmer):

BTW, mktemp(1) is using O_EXCL anyway, so I don't see
an issue. Additionally all of our scripts use
more than 6 X's as also shown in the
example section of the manpage. We are not going to
release updates for this non-issue.

I don't think it is a security issue either.  Vendors can also just
configure mktemp with the --with-libc flag to use the libc
mkstemp()/mkdtemp() functions instead of the bundled version if
they prefer.

 - todd
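
The O_EXCL point made in this thread, as an added example that is not part of the original message and not mktemp's own source: a deliberately predictable name generator still cannot be steered onto a pre-planted path, because `open()` with `O_CREAT | O_EXCL` fails with `EEXIST` (without following a symlink) and the loop moves on to the next name. The names `excl_create` and `demo`, the seed-based generator and the paths are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: fill the trailing X's of tmpl and create the file
 * exclusively. Returns an open fd, or -1 with errno set. */
int excl_create(char *tmpl, unsigned seed, int *collisions)
{
    static const char cs[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    size_t len = strlen(tmpl), nx = 0;
    while (nx < len && tmpl[len - 1 - nx] == 'X') nx++;
    if (nx == 0) { errno = EINVAL; return -1; }
    *collisions = 0;
    for (unsigned tries = 0; tries < 100; tries++) {
        unsigned v = seed + tries;   /* predictable on purpose (assumption) */
        for (size_t i = 0; i < nx; i++) {
            tmpl[len - nx + i] = cs[v % 36];
            v /= 36;
        }
        /* O_EXCL: any existing path, including a dangling symlink, yields
         * EEXIST instead of being opened or created through. */
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;
        (*collisions)++;
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: the first candidate name (seed 0 -> "f.aaaaaa")
 * already exists as a symlink to "victim". Returns 0 if the symlink was
 * skipped after one collision and "victim" was never created. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo.XXXXXX", planted[64], target[64], tmpl[64];
    int collisions = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(planted, sizeof planted, "%s/f.aaaaaa", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(tmpl, sizeof tmpl, "%s/f.XXXXXX", dir);
    if (symlink(target, planted) != 0) return -1;
    int fd = excl_create(tmpl, 0, &collisions);
    int ok = fd >= 0 && collisions == 1 && access(target, F_OK) != 0;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(planted); rmdir(dir);
    return ok ? 0 : -1;
}
```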

