Re: CVE-2008-5378: possible symlink attacks
Thomas Viehmann <tv@beamnet.de> writes:
> Andreas Tille wrote:
>> Args - I've read this and intended to use in both cases mkstemp - but
>> then just forgot this. I think just for reading files mktemp is fine.
>> The rationale is that I do not really want to rewrite the reading
>> routine which opens the file to read. The mkstemp function also opens
>> the file and returns a handle - which is just very different from the
>> current code. I committed a hopefully better patch (where mkstemp is
>> used for writing a file).
> Hm. What is reading here?
> Also, mkstemp(3):
>     The last six characters of template must be "XXXXXX" and these
>     are replaced with a string that makes the filename
>     unique. Since it will be modified, template must not be a
>     string constant, but should be declared as a character array.
> so you have the name readily available.
Right, mkstemp gives you a file name that you can then safely open. In
code where I didn't want to break the existing flow, I've used the
following pattern many times:

    fd = mkstemp(filename);
    if (fd < 0) {
        perror("mkstemp");
        return NULL;
    }
    close(fd);
    /* Go on to use filename as the name of the temporary file... */

It's an extra few system calls, but usually it doesn't matter.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
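
The pattern from the message above, as an added example that is not code from the thread or from the package under discussion: mkstemp fills in the name, and a stand-in for the existing open-by-name routine refuses symlinks and checks that it opened the same file. The names make_temp_name and legacy_write and the /tmp/example- template are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the temp file; keep only its name plus device/inode for later checks. */
int make_temp_name(char *name, struct stat *id)
{
    int fd = mkstemp(name);            /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) {
        perror("mkstemp");
        return -1;
    }
    int rc = fstat(fd, id);
    close(fd);
    return rc;
}

/* Hypothetical stand-in for existing code that opens the file by name. */
int legacy_write(const char *path, const struct stat *id, const char *data)
{
    struct stat now;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);   /* fail on a symlink */
    if (fd < 0)
        return -1;
    /* Confirm we opened the file mkstemp created, not a replacement. */
    if (fstat(fd, &now) != 0 || now.st_dev != id->st_dev ||
        now.st_ino != id->st_ino) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    return (close(fd) == 0 && n == (ssize_t)strlen(data)) ? 0 : -1;
}

int main(void)
{
    char name[] = "/tmp/example-XXXXXX";   /* writable array, constructed path */
    struct stat id;
    if (make_temp_name(name, &id) != 0)
        return 1;
    int rc = legacy_write(name, &id, "hello\n");
    printf("%s: %s\n", name, rc == 0 ? "written" : "refused");
    unlink(name);
    return rc == 0 ? 0 : 1;
}
```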