Dear Michael, I get it, Thank you very much. XD
2014-11-28 19:38 GMT+08:00 Michael Sweet <[email protected]>: > Creating and closing a temporary file, only to open it again later exposes > you to a well known symlink attack. Basically, if an attacker knows (or can > guess) the temp filename they can replace it with a symlink to another file > (e.g., /etc/passwd) to potentially reveal the contents of the file or > overwrite it. > > Sent from my iPad > > > On Nov 28, 2014, at 3:50 AM, Dong Tan <[email protected]> wrote: > > > > Dears, > > > > I recently covered an old project which used cupsTempFile(), isn't > support in CUPS 2.0.0/OS X 10.10. > > The design of old project is based on temporary file path not file > descriptor, so I just used cupsTempFd() to get temporary file path and > close it, to make the project working on CUPS 2.0.0/OS X 10.10. > > > > I check the source code of cupsTempFile() in earlier CUPS, found it just > call cupsTempFd(), and close the file descriptor. So, I wonder if my change > has some unpredictable error. > > I know there must be some reason to remove support of cupsTempFile(), I > just want to know why, in order to avoid similar error. > > _______________________________________________ > > Do not post admin requests to the list. They will be ignored. > > Printing mailing list ([email protected]) > > Help/Unsubscribe/Update your Subscription: > > https://lists.apple.com/mailman/options/printing/msweet%40apple.com > > > > This email sent to [email protected] >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Printing mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/printing/archive%40mail-archive.com This email sent to [email protected]
