PATCH: temp fixes, again
Marcus Meissner
meissner at suse.de
Mon Jul 29 03:14:08 CDT 2002
On Sat, Jul 27, 2002 at 09:13:09AM -0700, WINE wrote:
> Marcus Meissner <meissner at suse.de> writes:
>
> > This has been some time ago, and those old libc versions should not be used
> > anymore for security reasons.
>
> Well the man page says "Don't use this function", and if it's broken
> in old glibc it can be broken on other systems too. I think it's safer
> to do the open ourselves, especially since this is pretty trivial to
> do.
Actually there are a lot of programs using mkstemp now and it would
be terrible if they were all broken.
> > If you have a description on what was broken I can whip up a configure
> > check though.
> The bug is that the temp file is created with mode 0666. But you can't
> do a configure check for a run-time feature/bug anyway.
According to my manpage this was fixed in glibc 2.0.7, which was released
3 years ago.
I do not see why we should not use mkstemp, it is one of the canonical
ways of creating tempfiles throughout the security community.
Ciao, Marcus
More information about the wine-devel
mailing list