Re: Bug#19797: libc6-dev: use of /tmp/*$$ in an insecure fashion

To: debian-policy@lists.debian.org
Subject: Re: Bug#19797: libc6-dev: use of /tmp/*$$ in an insecure fashion
From: Bill Mitchell <debian@pny-fmail.webquest.com>
Date: Tue, 16 Jun 1998 09:33:54 +0800 (PHT)
Message-id: <[🔎] Pine.LNX.3.96.980616092536.977B-100000@debian>
In-reply-to: <[🔎] r2ra0q1rol.fsf@happy.cygnus.com>


> > That is correct, 'tempfile' is Debian specific, and we also ship a similar
> > utility from OpenBSD called 'mktemp', I have no idea if other systems also
> > have 'mktemp' utilities.
> The glibcbug script in glibc 2.1 already uses mktemp.

Perhaps the `tempfile' name was a bad choice.  Should appropriate
symlinks to `mktemp' be considered (or a companion `mktemp' helper if
the invocation syntax differs) for closer OpenBSD compatibility?
Since the `tempfile' helper was introduced for hamm, a name change to
`mktemp' might be still feasable, but that would disrupt the hamm freeze.


--  
To UNSUBSCRIBE, email to debian-policy-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Bug#19797: libc6-dev: use of /tmp/*$$ in an insecure fashion
  - From: Ulrich Drepper <drepper@cygnus.com>

Prev by Date: Re: Bug#23512: timezones: tzconfig is undocumented
Next by Date: Re: Bug#23512: timezones: tzconfig is undocumented
Previous by thread: Re: Bug#19797: libc6-dev: use of /tmp/*$$ in an insecure fashion
Next by thread: Re: Bug#19797: libc6-dev: use of /tmp/*$$ in an insecure fashion
Index(es):
- Date
- Thread