Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.12.9) with ESMTP id m6I3O3o4001489; Thu, 17 Jul 2008 23:24:03 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id m6I3NuuY008867; Thu, 17 Jul 2008 23:23:56 -0400 (EDT)
Received: from NOME-KING.MIT.EDU (NOME-KING.MIT.EDU [18.18.1.160]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id m6I3NtHE016730 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 17 Jul 2008 23:23:56 -0400 (EDT)
From: Ken Raeburn
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
Date: Thu, 17 Jul 2008 23:23:55 -0400
MIME-Version: 1.0 (Apple Message framework v928.1)
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.928.1)
X-Scanned-BY: MIMEDefang 2.42
X-Spam-Flag: NO
X-Spam-Score: 0.00
X-RT-Original-Encoding: us-ascii
Content-Length: 783

On Jul 17, 2008, at 23:09, Tom Yu via RT wrote:
> Ok, so this is a case where using mkstemp() is clearly less safe.
> What should we do? tmpnam() and open(O_CREAT|O_EXCL)? Some
> development environments are evolving toward warning about uses of
> mktemp(), which is similar to tmpnam(), so they may also flag uses of
> tmpnam().

Coming up with names not already taken isn't all that hard; it just requires setting up a loop and having a reasonably large space of names to work through. With a large enough namespace and a halfway decent PRNG, we ought to be able to find an unused name in one or two tries, actually: dir + "/krb5_RC" + base64(random).

Do we have this sort of thing happening elsewhere, such that a utility function mkstemp_mode_0600 would help?

Ken
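The loop Ken sketches, written out as an added example. This is not MIT krb5 code and not whatever helper the ticket eventually settled on; the function name `krb5_rc_create_unique`, the 96-bit random name suffix, the 16-try limit and the use of /dev/urandom as the randomness source are all assumptions. One detail the sketch glosses over: plain base64 output contains '/', which is the path separator, so the encoder below uses the filename-safe '-' and '_' variant. The file is opened with O_CREAT|O_EXCL and an explicit 0600 mode, so the name is never visible to anyone before the file exists and the permissions do not depend on umask or on the libc's mkstemp() defaults.

```c
/* Added example (not MIT krb5 code): a mkstemp_mode_0600-style helper that
 * creates a uniquely named file in `dir` as dir + "/krb5_RC" + base64(random),
 * opened with O_CREAT|O_EXCL, mode 0600, and retried on EEXIST. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef O_CLOEXEC
#define O_CLOEXEC 0             /* pre-POSIX.1-2008 libc: lose close-on-exec only */
#endif

#define RC_PREFIX       "krb5_RC"
#define RC_RANDOM_BYTES 12      /* assumed: 96 random bits -> 16 base64 chars */
#define RC_MAX_TRIES    16      /* assumed: collisions should be rare */

/* Filename-safe alphabet: standard base64 emits '/', the path separator. */
static const char b64url[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/* Unpadded base64url; inlen is a multiple of 3 for the sizes used here. */
static void b64url_encode(const unsigned char *in, size_t inlen, char *out)
{
    size_t i, j = 0;
    for (i = 0; i + 2 < inlen; i += 3) {
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8) | in[i + 2];
        out[j++] = b64url[(v >> 18) & 63];
        out[j++] = b64url[(v >> 12) & 63];
        out[j++] = b64url[(v >> 6) & 63];
        out[j++] = b64url[v & 63];
    }
    out[j] = '\0';
}

/* Kernel randomness (assumed source); returns 0 on success, -1 on failure. */
static int get_random_bytes(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    size_t got = 0;
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Returns an open fd for a freshly created 0600 file under `dir` and writes
 * its path to path_out; returns -1 with errno set on failure.  Unlike
 * mktemp()/tmpnam() there is no window between picking the name and creating
 * the file: O_EXCL turns a collision into EEXIST and the loop draws again. */
int krb5_rc_create_unique(const char *dir, char *path_out, size_t path_len)
{
    unsigned char rnd[RC_RANDOM_BYTES];
    char enc[RC_RANDOM_BYTES / 3 * 4 + 1];
    int tries, fd;

    for (tries = 0; tries < RC_MAX_TRIES; tries++) {
        if (get_random_bytes(rnd, sizeof rnd) != 0)
            return -1;
        b64url_encode(rnd, sizeof rnd, enc);
        if (snprintf(path_out, path_len, "%s/%s%s", dir, RC_PREFIX, enc)
            >= (int)path_len) {
            errno = ENAMETOOLONG;
            return -1;
        }
        fd = open(path_out, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)    /* EACCES, ENOENT, ENOSPC, ...: do not retry */
            return -1;
    }
    errno = EEXIST;             /* namespace exhausted or someone is racing us */
    return -1;
}

/* Creates two files in `dir`, checks mode 0600, the prefix and that the two
 * names differ, cleans up, and returns 0 on success or a negative step code. */
int rc_demo(const char *dir)
{
    char p1[4096], p2[4096];
    struct stat st;
    int rc = 0, fd1, fd2;
    size_t plen = strlen(dir) + 1 + strlen(RC_PREFIX);

    fd1 = krb5_rc_create_unique(dir, p1, sizeof p1);
    if (fd1 < 0) return -1;
    fd2 = krb5_rc_create_unique(dir, p2, sizeof p2);
    if (fd2 < 0) { close(fd1); unlink(p1); return -2; }
    if (fstat(fd1, &st) != 0 || (st.st_mode & 0777) != 0600) rc = -3;
    else if (strncmp(p1, dir, strlen(dir)) != 0 || strlen(p1) != plen + 16) rc = -4;
    else if (strcmp(p1, p2) == 0) rc = -5;
    close(fd1); close(fd2); unlink(p1); unlink(p2);
    return rc;
}

int main(void)
{
    int rc = rc_demo("/tmp");
    printf("rc_demo(\"/tmp\") = %d (0 means two distinct 0600 files were created)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The retry loop only repeats on EEXIST; any other error (permission denied, missing directory, disk full) is returned immediately so a misconfigured directory does not silently burn through the try budget. The same function is what Tom's "tmpnam() and open(O_CREAT|O_EXCL)" collapses to once the name is drawn from a PRNG instead of tmpnam().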