Posted to dev@apr.apache.org by Joe Orton <jo...@redhat.com> on 2004/11/17 17:22:11 UTC

Re: cvs commit: apr/file_io/netware mktemp.c

On Fri, Oct 08, 2004 at 09:52:20PM -0000, Jean-Jacques Clar wrote:
> clar        2004/10/08 14:52:20
> 
>   Modified:    file_io/netware Tag: APR_0_9_BRANCH mktemp.c
>   Log:
>   removed the O_EXCL bit from the passed-in flag to allow create then open on temp file

I just noticed this: it looks like the Netware apr_file_mktemp
implementation is unsafe.  Is there a reason why it doesn't use
apr_file_os_put() given the fd from mkstemp() like the Unix
implementation does?  It's the classic "/tmp race" security issue:

    fd = mkstemp(template);
...
    close(fd);

    /* ### file named by template can be replaced here! ### */

    if ((rv = apr_file_open(fp, template, flags|APR_FILE_NOCLEANUP,

joe
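
Added example, not part of the original post and not APR code: the post's fix is to keep using the descriptor mkstemp() returned, and this POSIX sketch covers the case where a reopen by name is kept (for instance to apply different open flags) by holding the original descriptor open and accepting the reopened file only if it is the same inode. The names reopen_verified and demo and the /tmp path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Reopen `path` with new flags, but only accept the result if it is the same
 * inode that `orig_fd` (still open, from mkstemp) refers to. Returns the new
 * descriptor, or -1 if the name no longer points at the original file. */
int reopen_verified(int orig_fd, const char *path, int flags)
{
    struct stat a, b;
    int fd = open(path, flags | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(orig_fd, &a) != 0 || fstat(fd, &b) != 0 ||
        a.st_dev != b.st_dev || a.st_ino != b.st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: returns 1 if the reopen was accepted, 0 if rejected.
 * With replace_name != 0 the name is re-created before the reopen, standing
 * in for another process winning the window marked in the post. */
int demo(int replace_name)
{
    char tmpl[] = "/tmp/mktemp-demo-XXXXXX";   /* constructed path */
    int fd = mkstemp(tmpl);                    /* created with O_CREAT|O_EXCL */
    int other = -1, fd2;
    if (fd < 0)
        return -1;
    if (replace_name) {
        unlink(tmpl);
        other = open(tmpl, O_WRONLY | O_CREAT | O_EXCL, 0600);
    }
    fd2 = reopen_verified(fd, tmpl, O_RDWR);   /* fd stays open across the reopen */
    if (fd2 >= 0) close(fd2);
    if (other >= 0) close(other);
    close(fd);
    unlink(tmpl);
    return fd2 >= 0;
}

int main(void)
{
    return (demo(0) == 1 && demo(1) == 0) ? 0 : 1;
}
```

The check only works because the mkstemp() descriptor is never closed before the comparison; once it is closed, as in the fragment quoted above, there is nothing left to compare the reopened file against.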