You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@apr.apache.org by bu...@apache.org on 2006/09/28 00:16:55 UTC
DO NOT REPLY [Bug 40622] New: - enhance apr temp files on NT to be more secure
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40622>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40622
Summary: enhance apr temp files on NT to be more secure
Product: APR
Version: HEAD
Platform: All
OS/Version: Windows XP
Status: NEW
Severity: enhancement
Priority: P5
Component: APR
AssignedTo: bugs@apr.apache.org
ReportedBy: blibbet@gmail.com
CC: blibbet@gmail.com
enhance the NT port to more securely create temp files on NT, via Win32 APIs.
#apr channel excerpt for context:
-----snip-----
wrowe that's a security issue
wrowe you want a temp file
wrowe which we implement securely where-possible.
blibbet secure file on NT?? ok, now i have to chk the code to see what it does...
wrowe no
wrowe :)
wrowe but secure on most linuxes
wrowe where mkstmp is available
wrowe or whatever it's called
wrowe would take a patch for NT blibbet :)
wrowe ok, gotta get back on the ball. back later
blibbet Writing Secure Code, 2nd ed, page 683-684, example of more-secure NT
temp files. book web site has sample code.
wrowe as I said, happy to entertain a patch :)
blibbet i just issued a "ticket" to myself, CC'ed you to remind me...
wrowe :)
wrowe You could also create an apr bug if you liked to track things missing on
win32 that can be implemented
wrowe issues.apache.org/bugzilla/
wrowe just don't mess with the assigned-to, add cc:'s liberally as needed
wrowe we want assigned-to to land on the bug tracking mailing list always.
-----snip-----
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.