-On [20000306 09:25], Garance A Drosihn ([EMAIL PROTECTED]) wrote:
>At 12:17 AM -0700 3/6/00, Chris Wasser wrote:
>>I was just watching a buildworld happen when I noticed (specifically
>>in gcc, and a few other places) the following warning several times:
>>
>>warning: mktemp() possibly used unsafely; consider using mkstemp()
>>
>>I'm not sure if it's a big deal or not, but in the interests of
>>satisfying my own interests, I thought I would mention it. If this
>>has been covered already in this list, then please disregard. Next
>>time I'll capture the entire build process to a file.
>
>This probably has not been discussed a lot on current, but the
>freebsd-audit group has been trying to track down and change
>all uses of mktemp which might lead to any kind of security
>problem.
And in this case those are probably warnings issued by programs from the
contrib directory.
Possible suspects: cvs, groff, etc.
--
Jeroen Ruigrok van der Werven Network- and systemadministrator
<[EMAIL PROTECTED]> VIA NET.WORKS The Netherlands
BSD: Technical excellence at its best http://www.bart.nl
Tel: +31 - (0) 10 - 240 39 70 http://www.via-net-works.com
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
