> Would that be more acceptable ? Well, I am not saying they are unacceptable.
I just wanted a bit of discussion with perhaps somebody actually clueful about security issues giving their opinion;) Quite possibly the checks make good sense, and are not a risk as nobody is going to run LibreOffice setuid anyway, which, if I understand correctly, is the main situation where TOCTTOU, especially with access() as the "check" phase, is a vulnerability? Is it the only situation? --tml _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
