[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#278283: insecure temporary file usage in gettextize and autopoin
From: |
Paul Jarc |
Subject: |
Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd) |
Date: |
Tue, 26 Oct 2004 11:00:03 -0400 |
User-agent: |
Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (gnu/linux) |
Bruno Haible <address@hidden> wrote:
> Not bad, but still not perfect: mktemp is not a POSIX standardized
> utility, and $RANDOM is bash specific.
What sort of threat are you trying to defend against? Even if mktemp
is not available, and even if $RANDOM is empty, mkdir will still
either create a new directory or correctly fail. It won't let you use
an existing directory (or symlink to a directory).
paul
- Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Santiago Vila, 2004/10/25
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Thomas Dickey, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Thomas Dickey, 2004/10/27
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd),
Paul Jarc <=
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Alexandre Duret-Lutz, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Bruno Haible, 2004/10/26
- Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd), Paul Eggert, 2004/10/26