Re: tmpnam usage warning

To: debian-devel@lists.debian.org
Subject: Re: tmpnam usage warning
From: Colin Tuckley <colin@tuckley.org>
Date: Fri, 29 Dec 2006 21:23:15 +0000
Message-id: <[🔎] 45958743.70206@tuckley.org>
In-reply-to: <[🔎] 20061229204131.GA8854@kitenet.net>
References: <[🔎] 4594EB53.5010505@tuckley.org> <[🔎] 20061229204131.GA8854@kitenet.net>

Joey Hess wrote:

> No, tmpnam generates a name for a file that did not exist at some point
> in time, but that *will* exist in the worst possible state (eg, a
> symlink to something important) when an attacker is targeting your program.

Which is why I'm trying to find a way to get rid of the calls to it in the
program I'm packaging.

regards,

Colin

-- 
Colin Tuckley      |  colin@tuckley.org  |  PGP/GnuPG Key Id
+44(0)1903 236872  |  +44(0)7799 143369  |     0x1B3045CE

"Heisenberg may have slept here"

Reply to:

References:
- tmpnam usage warning
  - From: Colin Tuckley <colin@tuckley.org>
- Re: tmpnam usage warning
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Bell's theorem refuted. More information at ...
Next by Date: Bug#404978: ITP: gktools -- GUI utilities for managing Kerberos V tickets
Previous by thread: Re: tmpnam usage warning
Next by thread: Bug#404932: ITP: xserver-xorg-input-evtouch -- Evtouch is a Touchscreen-Driver for X.
Index(es):
- Date
- Thread