diff options
author | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 07:18:57 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2000-09-26 07:18:57 +0000 |
commit | e5448d7ad2c39a6784894e8e840514b0d88333bc (patch) | |
tree | 988e5245c7ed4515d6cf5df79a793cee315a7afb /manual/filesys.texi | |
parent | 3ee561ad4606d73a351d34034789d94c9570026d (diff) | |
download | glibc-e5448d7ad2c39a6784894e8e840514b0d88333bc.tar.gz |
Update.
2000-09-26 Ulrich Drepper <drepper@redhat.com>
* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to
remove possible garbage at the end of the file.
* stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r.
* stdio-common/tmpnam.c: Warn about insecure tmpnam.
* stdio-common/tempnam.c: Warn about insecure tempnam.
* misc/mktemp.c: Warn about insecure mktemp.
Diffstat (limited to 'manual/filesys.texi')
-rw-r--r-- | manual/filesys.texi | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/manual/filesys.texi b/manual/filesys.texi index 942eb7fb12..c550d72f1b 100644 --- a/manual/filesys.texi +++ b/manual/filesys.texi @@ -2870,7 +2870,7 @@ file is created another process might have created a file with the same name using @code{tmpnam}, leading to a possible security hole. The implementation generates names which can hardly be predicted, but when opening the file you should use the @code{O_EXCL} flag. Using -@code{tmpfile} is a safe way to avoid this problem. +@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem. @end deftypefun @comment stdio.h @@ -2881,6 +2881,9 @@ that if @var{result} is a null pointer it returns a null pointer. This guarantees reentrancy because the non-reentrant situation of @code{tmpnam} cannot happen here. + +@strong{Warning}: This function has the same security problems as +@code{tmpnam}. @end deftypefun @comment stdio.h @@ -2937,6 +2940,13 @@ The directory @file{/tmp}. @end itemize This function is defined for SVID compatibility. + +@strong{Warning:} Between the time the pathname is constructed and the +file is created another process might have created a file with the same +name using @code{tempnam}, leading to a possible security hole. The +implementation generates names which can hardly be predicted, but when +opening the file you should use the @code{O_EXCL} flag. Using +@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem. @end deftypefun @cindex TMPDIR environment variable |