[krbdev.mit.edu #1794] git commit
Benjamin Kaduk via RT
rt-comment at krbdev.mit.edu
Mon Nov 4 14:22:23 EST 2013
Remove last uses of "possibly-insecure" mktemp(3)
Many libc implementations include notations to the linker to generate
warnings upon references to mktemp(3), due to its potential for
insecure operation. This has been the case for quite some time,
as was noted in RT #6199. Our usage of the function has decreased
with time, but has not yet disappeared entirely. This commit
removes the last few instances from our tree.
kprop's credentials never need to hit the disk, so a MEMORY ccache
is sufficient (and does not need randomization).
store_master_key_list is explicitly putting keys on disk so as to
do an atomic rename of the stash file, but since the stash file
should be in a root-only directory, we can just use a fixed name
for the temporary file. When using this fixed name, we must detect
(and error out) if the temporary file already exists; add a test to
confirm that we do so.
https://github.com/krb5/krb5/commit/0415740bb569bad53b18f4483837e7e037f88544
Author: Ben Kaduk <kaduk at mit.edu>
Commit: 0415740bb569bad53b18f4483837e7e037f88544
Branch: master
src/lib/kdb/kdb_default.c | 37 +++++++++++++++++++++++--------------
src/slave/kprop.c | 16 +++++++---------
src/tests/t_mkey.py | 9 +++++++++
3 files changed, 39 insertions(+), 23 deletions(-)
More information about the krb5-bugs
mailing list