=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/Attic/porting.html,v retrieving revision 1.15 retrieving revision 1.16 diff -c -r1.15 -r1.16 *** www/Attic/porting.html 1998/12/20 17:08:45 1.15 --- www/Attic/porting.html 1998/12/21 21:48:41 1.16 *************** *** 95,107 **** strcat/strcpy/strcmp/sprintf. In general, sprintf should be replaced with snprintf. !
  • Never use filenames when you need security. There are numerous race conditions where you don't have proper control. For instance, an attacker who already has user privileges on your machines may replace files in /tmp with symbolic links to more strategic files, such as /etc/passwd. !
  • For instance, one very common problem is the mktemp function. Head the warnings of the bsd linker about its uses. These must be fixed. This is not quite as simple as s/mktemp/mkstemp/g.
    --- 95,116 ---- strcat/strcpy/strcmp/sprintf. In general, sprintf should be replaced with snprintf. !
  • Never use filenames insteaad of true security. There are numerous race conditions where you don't have proper control. For instance, an attacker who already has user privileges on your machines may replace files in /tmp with symbolic links to more strategic files, such as /etc/passwd. + +
  • For instance, both fopen and freopen + create a new file or open an existing file for + writing. An attacker may create a symbolic link from + /etc/paswd to /tmp/addrpool_dump. The + instant you open it, your password file is hosed. Yes, even with + an unlink right before. You only narrow the window + of opportunity. Use open with + O_CREAT|O_EXCLUDE and fdopen instead. !
  • Another very common problem is the mktemp function. Head the warnings of the bsd linker about its uses. These must be fixed. This is not quite as simple as s/mktemp/mkstemp/g.
    *************** *** 332,337 ****
    OpenBSD www@openbsd.org !
    $OpenBSD: porting.html,v 1.15 1998/12/20 17:08:45 espie Exp $ --- 341,346 ----
    OpenBSD www@openbsd.org !
    $OpenBSD: porting.html,v 1.16 1998/12/21 21:48:41 espie Exp $
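Review bot: O_EXCLUDE in the new fopen/freopen item (first hunk, new lines 95-116) is not an open(2) flag. The flag that makes open fail when the path already exists, a symbolic link included, is O_EXCL, so the advice should read "Use open with O_CREAT|O_EXCL and fdopen instead." The same item has the link direction reversed and the target misspelled: the attacker creates /tmp/addrpool_dump as a symbolic link pointing to /etc/passwd, not "a symbolic link from /etc/paswd to /tmp/addrpool_dump". In the item above it, "insteaad" needs fixing, and since the mktemp line is being reworded anyway, "Head the warnings" should become "Heed the warnings".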