Re: [bug-enscript] enscript and temp file location

bug-enscript

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-enscript] enscript and temp file location

From:	Shawn McMahon
Subject:	Re: [bug-enscript] enscript and temp file location
Date:	Fri, 25 Apr 2008 17:36:17 -0400

On Fri, 2008-04-25 at 11:50 +0300, Tapani Tarvainen wrote:
>
> My vote goes to using mkstemp() despite the extra code required,
> preferably using TMPDIR environment variable. See, e.g., the
> example function smart_create_tempfile at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html

Why wouldn't we just use the simpler example:

char *filename;
 int fd;

 do {
   filename = tempnam (NULL, "foo");
   fd = open (filename, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 0600);
   free (filename);
 } while (fd == -1);

I would think (naively, perhaps?) that would be plenty secure for what we're 
doing here, and would honor TMPDIR.

Replacing "foo" with "enscript" of course.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-enscript] enscript and temp file location, Giulio Orsero, 2008/04/24
- Message not available
  - Re: [bug-enscript] enscript and temp file location, Giulio Orsero, 2008/04/25
    - Re: [bug-enscript] enscript and temp file location, Tapani Tarvainen, 2008/04/25
    - Re: [bug-enscript] enscript and temp file location, Shawn McMahon <=
    - Re: [bug-enscript] enscript and temp file location, Tapani Tarvainen, 2008/04/25
    - Re: [bug-enscript] enscript and temp file location, Giulio Orsero, 2008/04/30

Prev by Date: Re: [bug-enscript] enscript and temp file location
Next by Date: Re: [bug-enscript] enscript and temp file location
Previous by thread: Re: [bug-enscript] enscript and temp file location
Next by thread: Re: [bug-enscript] enscript and temp file location
Index(es):
- Date
- Thread