bug-standards

Re: world readable temp files and bash? set -C, noclobber (gnustandards


From: Karl Berry
Subject: Re: world readable temp files and bash? set -C, noclobber (gnustandards suggestion and/or question)
Date: Fri, 28 Jan 2011 00:48:49 GMT

    rw> You could mention that mktemp is available everywhere.

I don't think it is.  Solaris.
(The page Michael referenced,
http://www.linuxsecurity.com/content/view/115462/151/, mentioned some
other unportabilities.)

    rw> 'info Autoconf --index mktemp' also has a recommendation for a
    portable alternative.

Yep, so you know (as I expected :) that it's not available everywhere or
you wouldn't need a "portable alternative" :).

BTW, $RANDOM (used in that sample code) surely isn't portable either,
and without $RANDOM it's still more or less feasible for attackers, as
the coreutils page (and Michael's url) go into.

All in all, I think I'll just refer to the coreutils page.

    ma> Now I see that mktemp is not a substitute for 'noclobber', but a
    good addition to it.

Right.  I adjusted the text along the lines you wrote.

I'll push this out tomorrow, hopefully, barring further haggling :).

Thanks,
Karl
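
Added example, not part of the original message and not the Autoconf or coreutils text: a POSIX sh sketch of the combination discussed above, using mktemp where it exists, falling back to mkdir where it does not, and creating files with noclobber (set -C) in either case. The function names make_private_dir and write_new are hypothetical.

```shell
# Added example; function names are hypothetical, not from the thread.

# make_private_dir PREFIX
# Print the path of a new directory that only the owner can enter.
make_private_dir() {
  prefix=${1:-tmp}
  base=${TMPDIR:-/tmp}
  # Preferred path: mktemp -d chooses an unpredictable name and creates
  # the directory atomically. The umask is set inside a subshell so the
  # caller's umask is untouched.
  dir=$( (umask 077 && mktemp -d "$base/$prefix.XXXXXX") 2>/dev/null ) &&
    [ -d "$dir" ] && { printf '%s\n' "$dir"; return 0; }
  # Fallback where mktemp is missing: the name is guessable, but mkdir
  # fails if the path already exists (a symlink counts as existing), so a
  # pre-created name makes this call fail instead of being reused.
  dir=$base/$prefix.$$
  (umask 077 && mkdir "$dir") 2>/dev/null || return 1
  printf '%s\n' "$dir"
}

# write_new FILE
# Copy stdin to FILE, refusing to overwrite an existing file.
# set -C (noclobber) makes the '>' redirection fail if FILE exists.
write_new() {
  ( set -C; umask 077; cat > "$1" )
}

# Usage:
#   d=$(make_private_dir myscript) || exit 1
#   trap 'rm -rf "$d"' EXIT
#   some_command | write_new "$d/output"
```
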


