[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bison (Re: Owl packages with dangerous "tmp" functions)
From: |
Hans Aberg |
Subject: |
Re: bison (Re: Owl packages with dangerous "tmp" functions) |
Date: |
Thu, 4 Jan 2001 11:01:11 +0100 |
At 12:36 +0300 1-01-04, Solar Designer wrote:
>I am now attaching the patch against bison-1.28. The configure
>script in bison already has a check for mkstemp(3), which I'm using
>in the patch, so it should be sufficient to add #ifdef HAVE_MKSTEMP
>as appropriate to make this patch portable. Of course, it would be
>better to also include a safe version of the code for systems which
>don't have mkstemp. (Perhaps, tryopen() could be changed to support
>"x" for O_EXCL/fdopen such that this will allow for no worse a DoS.)
Try the bison (latest development) version available at
ftp://alpha.gnu.org/gnu/cvs/
which has changed rather a lot since 1.28.
-- For example, there are no longer any use of temporary files.
Hans Aberg