LFS 5.0 Patch-2.5.4 Chapt 5 mktemp ?

Allard Welter allard at nospam.nl
Fri Jan 23 15:36:25 PST 2004


On Friday 23 January 2004 23:51, jmh wrote:
> My first attempt at LFS, and this is a restart for me.
>
> I'm guessing the above isn't an issue as I cannot find
> much taht seems relivant regarding this:
>
> patch.o(.text+0x2d22): In function 'make_temp':...use of
> mktemp is dangerous, better use 'mkstemp'
>
> during make.
>
> Is this something to fix or should I just ignore it?
>
> jmh

mktemp and mkstemp do the same thing (both create a unique temporary file) 
except that mkstemp gaurantees that no other process can accidentally create 
a file with the same name (verry small chance) by opening it for you at the 
same time with 0600 (r/w) permissions. The issue is security related. There 
is a small chance that a malicious hacker will pirate the process by 
substituting a temporary file created in this manner with a another 
containing some malicious content. (see chapters_14.html#SEC296 of the libc 
manual).

Seeing the program I'm working on at the moment is not co-operating, perhaps 
I'll take a look - bit tipsy right now, but I'll try to remember.

Regards - Allard

-- 
allard at quicknet.nl




More information about the lfs-support mailing list