>>>>> "Joseph" == Joseph S Myers <[EMAIL PROTECTED]> writes:
Joseph> The problems with temporary file security in autoconf's shell
Joseph> scripts (predictable file names in /tmp, opened without
Joseph> O_EXCL) have been well known for a long time, though it seems
Joseph> still not fixed in CVS.

Pff, in addition to portability issues you want us to address
security... :(

How dangerous are those ``holes'', really? What would you suggest?

Joseph> AC_SYS_LONG_FILE_NAMES (acspecific.m4) has a similar but much
Joseph> more serious problem: it uses a fixed file name,
Joseph> /tmp/conftest9012345, and does not even attempt to remove it
Joseph> before overwriting it: and this hole inserts itself into the
Joseph> configure scripts of otherwise properly secure packages.

Demonstration quite impressive :)

What do you suggest? Better yet, could you send a patch to
[EMAIL PROTECTED]?

Thanks!

Akim
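
Added example, not part of the original message and not autoconf's own code: one way a portable shell script can avoid the two problems described above (a predictable name in /tmp, and a file opened without O_EXCL). The function names `make_private_tmpdir` and `create_excl` and the `conft` name prefix are assumptions made for illustration.

```shell
# Constructed example; helper names are hypothetical.

# Create a mode-0700 scratch directory and print its path.
# Returns non-zero if no directory could be created safely.
make_private_tmpdir() {
    base=${TMPDIR:-/tmp}
    # Preferred: mktemp -d chooses an unpredictable name and creates
    # the directory atomically, failing if the name is already taken.
    dir=$( (umask 077 && mktemp -d "$base/conftXXXXXX") 2>/dev/null ) &&
        [ -n "$dir" ] && [ -d "$dir" ] && {
            printf '%s\n' "$dir"
            return 0
        }
    # Fallback for systems without mktemp: mkdir is atomic and refuses
    # an existing name (file, directory or symlink), so an entry planted
    # in advance makes it fail instead of being reused.
    dir=$base/conft$$-${RANDOM:-0}
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Create an empty file only if nothing exists at that path.
# With noclobber (set -C) the shell's ">" refuses an existing path and
# creates new files with O_CREAT|O_EXCL, so a planted symlink is not
# followed and an existing file is not overwritten.
create_excl() {
    ( set -C; umask 077; : > "$1" ) 2>/dev/null
}

# Usage: do all scratch work inside the private directory, never in a
# fixed path such as /tmp/conftest9012345.
#   tmp=$(make_private_tmpdir) || exit 1
#   trap 'rm -rf "$tmp"' 0
#   create_excl "$tmp/conftest" || exit 1
```

Because the directory is owned by the caller and not writable by others, file names inside it may be fixed without reintroducing the race.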