You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by Chuck Murcko <ch...@topsail.org> on 2002/06/02 12:24:50 UTC

a security nit

Is this warning:

htpasswd.o: In function `main':
/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): 
warning: tmpnam() possibly used unsafely; consider using mkstemp()

1) the sort of thing to involve apr in, or

2) should I just open()/close() the file before it really gets fopen()ed 
thus:

if((tmp_fd = open(tmp_name, O_RDWR|O_CREAT|O_EXCL, 0600)) < 0)
{
      fprintf(stderr, "tmpfile create failure!\n");
      exit(-1);
}
close(tmp_fd);

which still leaves a narrow timing window of attack but is easily 
portable AFAICS.

3) or just rewrite the thing using open()?

It doesn't seem that big a deal to us so I'd opt for 2) which is at 
least a bit tighter.

Thanks,
Chuck

Re: a security nit

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

At 05:24 AM 6/2/2002, Chuck Murcko wrote:
>Is this warning:
>
>htpasswd.o: In function `main':
>/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): warning: 
>tmpnam() possibly used unsafely; consider using mkstemp()
>
>1) the sort of thing to involve apr in, or

Yes... it has to be portable [although not equally effective on all platforms,
that will depend on the API.]

>It doesn't seem that big a deal to us so I'd opt for 2) which is at least 
>a bit tighter.

It is... that's why it's been left with the warning rather than easily 
closing the
warning with option 2 as you suggested.  As long as the warning remains,
it's a kick in the pants to push us to do it the right way.

Bill