On 04/27/2011 04:05 AM, Reuben Thomas wrote:
> On 27 April 2011 03:24, Bruno Haible <br...@clisp.org> wrote:
>>> Does setting a 0600 umask (as glibc does) sound like a good thing to
>>> add to the mkstemp-safer functions?

Setting umask() is bad for other reasons - it is global state, and should
not be done in multi-threaded applications. Doing chmod() after the fact is
too late. So yes, I think it would be nice to enhance the mkstemp module to
detect implementations that do not use 0600 as the third argument to the
open() used under the hood by mkstemp(), and replace mkstemp() on those
platforms as well, which would then give us GNU semantics on all platforms,
as a relatively easy guarantee. The hardest part now is writing the m4 test
to detect platforms whose mkstemp is insecure.

> However, this suggests that the gnulib documentation for mkstemp
> should direct the programmer to clean-temp, something like:
>
> "If you are creating temporary files which will later be removed, consider
> using the clean-temp module, which avoids several pitfalls of using mkstemp
> directly."

I could also live with that in the mkstemp.c file. Would you care to help
write the patch?

-- 
Eric Blake   ebl...@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
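The probe Eric calls the hard part, a check for whether this platform's mkstemp() opens its file with mode 0600, sketched in C as an added example beside the kind of open(O_CREAT|O_EXCL, 0600) fallback a replacement mkstemp() would use. This is not gnulib's m4 test or its mkstemp module: the function names, the $TMPDIR-or-/tmp template directory, and the deliberately simplistic name generator in open_private_excl() are this example's own assumptions.

```c
/* Added example: a run-time probe for the property discussed in the thread,
   that mkstemp() creates its file with mode 0600 regardless of umask, plus
   the kind of open(O_CREAT|O_EXCL, 0600) fallback a replacement would use.
   Not gnulib's code; names and the temp directory choice are assumptions. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Fallback creator: does the open() ourselves with O_EXCL and mode 0600,
   so neither the umask nor a later chmod() is involved.  The name generator
   is deliberately simplistic (pid/time/counter); O_EXCL is what gives the
   security guarantee, a guessable name only lets an attacker cause EEXIST. */
static int open_private_excl(char *tmpl)
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    size_t len = strlen(tmpl);
    char *x;
    unsigned long seed;
    int attempt;

    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) {
        errno = EINVAL;
        return -1;
    }
    x = tmpl + len - 6;
    seed = (unsigned long)getpid() ^ (unsigned long)time(NULL);
    for (attempt = 0; attempt < 100; attempt++) {
        unsigned long v = seed + (unsigned long)attempt * 7919UL;
        int i, fd;
        for (i = 0; i < 6; i++) {
            x[i] = alphabet[v % 36];
            v /= 36;
        }
        fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;
    }
    errno = EEXIST;
    return -1;
}

/* Run one creator on a fresh template under $TMPDIR (or /tmp) and report
   1 if the created file has mode 0600, 0 if looser, -1 on error.
   umask(0) is process-global state: acceptable in a single-threaded
   configure-time probe, and the exact reason it is unacceptable inside
   a library.  Without it, a umask of 077 would hide a 0666 creator. */
int probe_creates_0600(int (*create)(char *))
{
    char tmpl[4096];
    const char *dir = getenv("TMPDIR");
    struct stat st;
    mode_t saved;
    int fd, result;

    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(tmpl, sizeof tmpl, "%s/mkstemp-probe-XXXXXX", dir)
        >= (int)sizeof tmpl)
        return -1;

    saved = umask(0);
    fd = create(tmpl);
    umask(saved);
    if (fd < 0)
        return -1;

    /* fstat the descriptor we hold, not stat of the name: the descriptor is
       the file we created, whatever now sits at that path. */
    if (fstat(fd, &st) != 0)
        result = -1;
    else
        result = ((st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO))
                  == (S_IRUSR | S_IWUSR)) ? 1 : 0;
    close(fd);
    unlink(tmpl);
    return result;
}

int mkstemp_creates_0600(void) { return probe_creates_0600(mkstemp); }
int fallback_creates_0600(void) { return probe_creates_0600(open_private_excl); }

int main(void)
{
    printf("system mkstemp creates 0600: %d\n", mkstemp_creates_0600());
    printf("O_EXCL fallback creates 0600: %d\n", fallback_creates_0600());
    return 0;
}
```

Two design points carry the argument from the message. The probe clears the umask because a restrictive umask (077) would mask a mkstemp() that passes 0666 to open() and make it look secure; that is safe here only because a configure probe is single-threaded, which is exactly why the same call is off the table inside the library. And the mode is read with fstat() on the descriptor rather than stat() on the name, so the probe reports on the file actually created, and the fallback relies on O_EXCL rather than on name secrecy, so a guessable name degrades to a denial of service rather than a file takeover.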