Date: Sat, 18 Aug 2012 00:43:15 +0100
From: Tony Finch <dot@dotat.at>
To: Jesper Juhl <jj@chaosbits.net>
cc: linux-kernel@vger.kernel.org, Tony Finch <dot@dotat.at>
Subject: Re: [PATCH] unifdef: set a secure umask before calling mkstemp()
In-Reply-To: <alpine.LNX.2.00.1208172136490.15699@swampdragon.chaosbits.net>
Message-ID: <alpine.LSU.2.00.1208180025311.29492@hermes-1.csi.cam.ac.uk>
References: <alpine.LNX.2.00.1208172136490.15699@swampdragon.chaosbits.net>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1165
Lines: 27

Jesper Juhl <jj@chaosbits.net> wrote:

> In newer glibc's (versions > 2.06) reasonably secure permissions of
> 0600 are used when creating a temporary file with mkstemp(). But for
> older glibc's (versions <= 2.06) 0666 is used which is not secure.

Thanks for your suggestion! I'm afraid I prefer not to make the change.

Unifdef is only using mkstemp as a convenient way to open a file with a
non-clashing name. It isn't trying to be secure, so it's OK just to rely
on the user's umask. And I find it hard to care about a bug that was fixed
15 years ago.

I'm also trying to reduce the unixisms in the program for portability
reasons and this is the most awkward part :-/

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/