Subject: Re: Tempfile vulnerabilities
From: Neil Blakey-Milner (nbm MITHRANDR.MORIA.ORG)
Date: Wed Feb 02 2000 - 04:50:14 CST
- In reply to: Grant Taylor: "Re: Tempfile vulnerabilities"
- Next in thread: Werner Koch: "Re: Tempfile vulnerabilities"
- Reply: Neil Blakey-Milner: "Re: Tempfile vulnerabilities"
On Mon 2000-01-31 (23:55), Grant Taylor wrote:
>
> sub get_tmpfile {
>     my $file;
>     do {
>         open(RAN, "/dev/random") || die;
>         read(RAN,$foo,16);
>         close RAN;
>         $file = '/tmp/autobuse' . unpack('H16',$foo);
>     } while (-e $file || -l $file);
>
>     return $file;
> }
>
> This method is Linux-specific, but that's all I need. The fixed
> autobuse is available at http://www.picante.com/~gtaylor/autobuse/
>
> Note that Autobuse has, as far as I know, zero users (including me).
> If I am wrong about this, please let me know!

I was about to suggest using mkstemp() from File::MkTemp, available
on CPAN, until I noticed that this mkstemp doesn't seem to use
O_CREAT and O_EXCL from Fcntl nor does it chmod 600 or similar.

It uses:

    $template = mktemp(@_);
    $openup = File::Spec->catfile($_[1], $template);
    $fh = new FileHandle ">$openup"; #and say ahhh.
    croak("Could not open file: $openup")
        unless(defined $fh);
    return($fh);

Which seems to be just as bad as using mktemp, and then opening a
file, with the usual race conditions. Considering the general
feeling about the "mkstemp" concept, this implementation isn't
quite there.

Neil
-- Neil Blakey-Milner nbmrucus.ru.ac.za
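
Added example, not part of the original message and not code from File::MkTemp or autobuse: one way to get the behaviour the message says is missing, creating the file with O_CREAT and O_EXCL and mode 0600 in a single sysopen() call. The helper name safe_tmpfile, the "example" prefix, and the use of /dev/urandom are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_CREAT O_EXCL O_RDWR);

# Hypothetical helper (not from File::MkTemp or autobuse): pick a name and
# create the file in one atomic step, so there is no window between the
# existence check and the open.
sub safe_tmpfile {
    my ($dir, $prefix) = @_;
    for my $attempt (1 .. 100) {
        # Unpredictable suffix: 8 random bytes rendered as 16 hex digits.
        open(my $rnd, '<:raw', '/dev/urandom') or die "urandom: $!";
        read($rnd, my $bytes, 8) == 8 or die "short read from urandom";
        close $rnd;
        my $path = "$dir/$prefix" . unpack('H16', $bytes);

        # O_CREAT|O_EXCL fails with EEXIST if anything already exists at
        # $path, including a symlink (dangling or not), so a pre-planted
        # link is never followed. Mode 0600 applies from creation, so no
        # later chmod is needed.
        if (sysopen(my $fh, $path, O_RDWR | O_CREAT | O_EXCL, 0600)) {
            return ($fh, $path);
        }
        die "cannot create $path: $!" unless $!{EEXIST};
        # Name was taken: loop and try a fresh one.
    }
    die "no unused temp name after 100 attempts";
}

# Constructed usage: create, write, report the mode, clean up.
my ($fh, $path) = safe_tmpfile('/tmp', 'example');
print {$fh} "scratch data\n";
close $fh or die "close: $!";
printf "%s mode %04o\n", $path, (stat $path)[2] & 07777;
unlink $path or die "unlink: $!";
```

The caller gets back the open handle and should keep using it rather than reopening the path by name.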