[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2008-5378: possible symlink attacks

On Mon, 29 Dec 2008, Russ Allbery wrote:

Right, mkstemp gives you a file name that you can then safely open.  In
code where I didn't want to break the existing flow, I've used the
following pattern many times:

   fd = mkstemp(filename);
   if (fd < 0) {
       return NULL;
   /* Go on to use filename as the name of the temporary file... */

It's an extra few system calls, but usually it doesn't matter.

Thanks for this additional hint.  Actually I've thought about
this option and it is a good hint  that it is not unusual. But
as I said in my previous mail, at this place I need to open an
existing file and we do not need a random filename here.

Kind regards



Reply to: