LFS 5.0 Patch-2.5.4 Chapt 5 mktemp ?
allard at nospam.nl
Fri Jan 23 15:36:25 PST 2004
On Friday 23 January 2004 23:51, jmh wrote:
> My first attempt at LFS, and this is a restart for me.
> I'm guessing the above isn't an issue as I cannot find
> much taht seems relivant regarding this:
> patch.o(.text+0x2d22): In function 'make_temp':...use of
> mktemp is dangerous, better use 'mkstemp'
> during make.
> Is this something to fix or should I just ignore it?
mktemp and mkstemp do the same thing (both create a unique temporary file)
except that mkstemp gaurantees that no other process can accidentally create
a file with the same name (verry small chance) by opening it for you at the
same time with 0600 (r/w) permissions. The issue is security related. There
is a small chance that a malicious hacker will pirate the process by
substituting a temporary file created in this manner with a another
containing some malicious content. (see chapters_14.html#SEC296 of the libc
Seeing the program I'm working on at the moment is not co-operating, perhaps
I'll take a look - bit tipsy right now, but I'll try to remember.
Regards - Allard
allard at quicknet.nl
More information about the lfs-support