debian-security (was: Re: Secure temporary fifo creation)
On Mon, 2004-05-17 at 19:02, Will Newton wrote:
> On Monday 17 May 2004 03:30, Greg Deitrick wrote:
>
> > Looking at the man pages for various library calls it appears that
> > tmpfile(3) is probably an acceptable means of creating a temporary file,
> > but this returns a FILE *. The upstram source I'm packaging needs to make
> > a temporary fifo. It uses tempnam(3) to get a temporary file name as a
> > char *, and then mkfifo(3) to make the fifo named pipe from the file name.
> > Is this sufficiently secure? Should I post this to debian-security?
>
> debian-security is an inappropriate address to sent this type of query to. It
> is intended for security advisories and alerts.
Codswallop! That would be d-s-*announce*, which is moderated anyway. (Or
team@security.d.o, which is an alias as opposed to a list).
As <URL:http://lists.debian.org/debian-security/> says:
<quote>
debian-security mailing list
Security in Debian
Discussion about security issues, including cryptographic issues, that
are of interest to all parts of the Debian community.
Please note that this is NOT an announcement mailing list. If you're
looking for security alerts from Debian, subscribe to
debian-security-announce instead.
</quote>
Adam
Reply to: