about summary refs log tree commit diff
path: root/manual
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2000-09-26 07:18:57 +0000
committerUlrich Drepper <drepper@redhat.com>2000-09-26 07:18:57 +0000
commite5448d7ad2c39a6784894e8e840514b0d88333bc (patch)
tree988e5245c7ed4515d6cf5df79a793cee315a7afb /manual
parent3ee561ad4606d73a351d34034789d94c9570026d (diff)
downloadglibc-e5448d7ad2c39a6784894e8e840514b0d88333bc.tar.gz
glibc-e5448d7ad2c39a6784894e8e840514b0d88333bc.tar.xz
glibc-e5448d7ad2c39a6784894e8e840514b0d88333bc.zip
Update.
2000-09-26  Ulrich Drepper  <drepper@redhat.com>

	* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to
	remove possible garbage at the end of the file.

	* stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r.
	* stdio-common/tmpnam.c: Warn about insecure tmpnam.
	* stdio-common/tempnam.c: Warn about insecure tempnam.
	* misc/mktemp.c: Warn about insecure mktemp.
Diffstat (limited to 'manual')
-rw-r--r--manual/filesys.texi12
1 files changed, 11 insertions, 1 deletions
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 942eb7fb12..c550d72f1b 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -2870,7 +2870,7 @@ file is created another process might have created a file with the same
 name using @code{tmpnam}, leading to a possible security hole.  The
 implementation generates names which can hardly be predicted, but when
 opening the file you should use the @code{O_EXCL} flag.  Using
-@code{tmpfile} is a safe way to avoid this problem.
+@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
 @end deftypefun
 
 @comment stdio.h
@@ -2881,6 +2881,9 @@ that if @var{result} is a null pointer it returns a null pointer.
 
 This guarantees reentrancy because the non-reentrant situation of
 @code{tmpnam} cannot happen here.
+
+@strong{Warning}: This function has the same security problems as
+@code{tmpnam}.
 @end deftypefun
 
 @comment stdio.h
@@ -2937,6 +2940,13 @@ The directory @file{/tmp}.
 @end itemize
 
 This function is defined for SVID compatibility.
+
+@strong{Warning:} Between the time the pathname is constructed and the
+file is created another process might have created a file with the same
+name using @code{tempnam}, leading to a possible security hole.  The
+implementation generates names which can hardly be predicted, but when
+opening the file you should use the @code{O_EXCL} flag.  Using
+@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
 @end deftypefun
 @cindex TMPDIR environment variable