[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2008-5378: possible symlink attacks

Thomas Viehmann <tv@beamnet.de> writes:
> Andreas Tille wrote:

>> Args - I've read this and intended to use in both cases mkstemp - but
>> then just forgot this.  I think just for reading files mktemp is fine.
>> The rationale is that I do not really want to rewrite the reading
>> routine which opens the file to read.  The mkstemp function also opens
>> the file and returns a handle - which is just very different from the
>> current code.  I commited a hopefully better patch (where mkstemp is
>> used for writing a file).

> Hm. What is reading here?
> Also, mkstemp(3):
>        The last six characters of template must be "XXXXXX" and these
>        are replaced with a string that makes the  filename
>        unique.   Since it will be modified, template must not be a
>        string constant, but should be declared as a character array.
> so you have the name readily available.

Right, mkstemp gives you a file name that you can then safely open.  In
code where I didn't want to break the existing flow, I've used the
following pattern many times:

    fd = mkstemp(filename);
    if (fd < 0) {
        return NULL;
    /* Go on to use filename as the name of the temporary file... */

It's an extra few system calls, but usually it doesn't matter.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: