On Wednesday 11 January 2006 14:18, Victor Lazzarini wrote:

> What about the warning we always get when building on Linux,
> that "_tempnam is dangerous, use mkstemp instead" ?

It is tmpnam() on Linux, and not _tempnam() which is specific
to msvcrt.dll. The warning is because the method of generating
a temporary file name and then opening the file later may be a
security problem unless the file is opened with open() using
the O_EXCL flag. The issue here is that between generating the
file name with checking if it already exists, and opening it,
a file with the same name may already have been created (i.e.
there is a filesystem race condition). If a process that uses
tmpnam() runs as root, another process that is unprivileged
may possibly create a symbolic link in /tmp that points to an
important system file; if it can guess the next temporary file
name and gets the timing right, the important file is then
destroyed by the privileged process when it tries to use it
as a temporary file.


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Csound-devel mailing list
Csound-devel@lists.sourceforge.net