[MINC-development] patches for tmpnam
Peter NEELIN
minc-development@bic.mni.mcgill.ca
Thu, 6 Mar 2003 22:08:49 -0500
On Thu, 6 Mar 2003, Vicka Corey wrote:
> Did the tmpnam() and tempnam() calls in the code clean up after themselves?
> If so, the same closes should still work; if not it is at least no worse.
Those functions do not open descriptors, which is the cause of the race
condition in the first place.
BTW, does anyone know to what extent this is a security risk? My guess
would be that this is only a risk for either root (or setuid
root) applications. Have I missed something?
[Comments about over-zealous gcc/glibc developers suppressed...]
Peter
----
Peter Neelin (neelin@bic.mni.mcgill.ca)