develooper Front page | perl.perl5.porters | Postings from February 2000

Re: README: three important security proposals

Tom Christiansen
February 7, 2000 07:42
>That's a nice summary.


>Now if someone will be so kind as to add the necessary code to IO.xs,
>I'd be glad to put it in.

I suggest using the OpenBSD code, with 2 additions:

    1) There's a race condition in mkstemp(3) that can 
       be solved by checking for nlink==0 after the unlink.

    2) Calling a mktemp-ish function in a nonsecure directory
       (one that allows other than the owner to delete from it,
       so other-group write but not sticky) should be a
       warning or an exception.  Actually, under tainting,
       it should definitely be an exception.
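
The two checks proposed in the message above, sketched in C as an added example that is not part of the original post and is not the OpenBSD or Perl code. The function names `dir_is_insecure` and `secure_anon_tmpfile` and the `tmpXXXXXX` template are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkstemp(), mkdtemp(), S_ISVTX */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Check 2: a directory is insecure for temp files when someone other than
 * the owner can delete entries from it, i.e. it is group- or other-writable
 * and the sticky bit is not set.
 * Returns 1 if insecure, 0 if acceptable, -1 if it cannot be examined.
 * Only the directory itself is examined, not its parent directories. */
int dir_is_insecure(const char *dir)
{
    struct stat st;

    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX);
}

/* Check 1: create an anonymous temp file with mkstemp(3), unlink it, then
 * confirm through the open descriptor that no name refers to it any more.
 * A non-zero link count after unlink() means the name we removed was not
 * the only link to our file, so the descriptor is rejected.
 * Returns an open fd, or -1 on any failure (the "exception" case). */
int secure_anon_tmpfile(const char *dir)
{
    char path[4096];
    struct stat st;
    int fd, n;

    if (dir_is_insecure(dir) != 0)          /* refuse insecure/unknown dirs */
        return -1;
    n = snprintf(path, sizeof path, "%s/tmpXXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)  /* template did not fit */
        return -1;
    if ((fd = mkstemp(path)) < 0)
        return -1;
    if (unlink(path) != 0 || fstat(fd, &st) != 0 || st.st_nlink != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```
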

