| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LNX.2.00.0809161835530.6202@swampdragon.chaosbits.net> Date: Tue, 16 Sep 2008 18:36:57 +0200 (CEST) From: Jesper Juhl <jj@...osbits.net> To: Tony Finch <dot@...at.at> cc: linux-kernel@...r.kernel.org Subject: Re: [PATCH] unifdef: set a secure umask before calling mkstemp() On Sat, 18 Aug 2012, Tony Finch wrote: > Jesper Juhl <jj@...osbits.net> wrote: > > > In newer glibc's (versions > 2.06) reasonably secure permissions of > > 0600 are used when creating a temporary file with mkstemp(). But for > > older glibc's (versions <= 2.06) 0666 is used which is not secure. > > Thanks for your suggestion! I'm afraid I prefer not to make the change. > > Unifdef is only using mkstemp as a convenient way to open a file with a > non-clashing name. It isn't trying to be secure, so it's OK just to rely > on the user's umask. And I find it hard to care about a bug that was fixed > 15 years ago. > > I'm also trying to reduce the unixisms in the program for portability > reasons and this is the most awkward part :-/ > Fair enough. :-) Just ignore the patch. Have a nice day. -- Jesper Juhl <jj@...osbits.net> http://www.chaosbits.net/ Don't top-post http://www.catb.org/jargon/html/T/top-post.html Plain text mails only, please. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists