[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

Re: [zzdev] /tmp handling?

On Sun, Jul 08, 2001 at 10:30:08AM +0300, Tuomas Lukka wrote:
> Hmm, it just occurred to me - do we have a security issue with /tmp
> handling, using fixed names there when building the docs?

Yes, unless you always check that a file in /tmp is a real file and not
a softlink before any write operations.  It's always safest to use the
maketemp() function or equivalent.

mailto:xanni@xxxxxxxxxx                         Andrew Pam
http://www.xanadu.com.au/                       Chief Scientist, Xanadu
http://www.glasswings.com.au/                   Technology Manager, Glass Wings
http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
P.O. Box 477, Blackburn VIC 3130 Australia	Phone +61 401 258 915