You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@apr.apache.org by bu...@apache.org on 2006/09/28 00:16:55 UTC

DO NOT REPLY [Bug 40622] New: - enhance apr temp files on NT to be more secure

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40622>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40622

           Summary: enhance apr temp files on NT to be more secure
           Product: APR
           Version: HEAD
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: APR
        AssignedTo: bugs@apr.apache.org
        ReportedBy: blibbet@gmail.com
                CC: blibbet@gmail.com


enhance the NT port to more securely create temp files on NT, via Win32 APIs.


#apr channel excerpt for context:

-----snip-----
	wrowe	that's a security issue
	wrowe	you want a temp file
	wrowe	which we implement securely where-possible.
	blibbet	secure file on NT?? ok, now i have to chk the code to see what it does...
	wrowe	no
	wrowe	:)
	wrowe	but secure on most linuxes
	wrowe	where mkstmp is available
	wrowe	or whatever it's called
	wrowe	would take a patch for NT blibbet :)
	wrowe	ok, gotta get back on the ball.  back later
	blibbet	Writing Secure Code, 2nd ed, page 683-684, example of more-secure NT
temp files. book web site has sample code.
	wrowe	as I said, happy to entertain a patch :)
	blibbet	i just issued a "ticket" to myself, CC'ed you to remind me...
	wrowe	:)
	wrowe	You could also create an apr bug if you liked to track things missing on
win32 that can be implemented
	wrowe	issues.apache.org/bugzilla/
	wrowe	just don't mess with the assigned-to, add cc:'s liberally as needed
	wrowe	we want assigned-to to land on the bug tracking mailing list always.

-----snip-----

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.