[krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp

Tom Yu via RT rt-comment at krbdev.mit.edu
Thu Jul 17 23:09:00 EDT 2008


"Ken Raeburn via RT" <rt-comment at krbdev.mit.edu> writes:

> With fchmod, we would have a race condition where some other party
> could open the file after it was created but before the fchmod call.
> In the normal UNIX model, fchmod does not revoke access to an already
> opened file.

Ok, so this is a case where using mkstemp() is clearly less safe.
What should we do?  tmpnam() and open(O_CREAT|O_EXCL)?  Some
development environments are evolving toward warning about uses of
mktemp(), which is similar to tmpnam(), so they may also flag uses of
tmpnam().

We could use umask(), but while we could lock around it, we could not
guarantee that the application would not call umask() outside of our
locks.

I'm going to revert this change for now.
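The alternative raised above, open() with O_CREAT|O_EXCL and the intended mode supplied at creation so no fchmod window exists, as an added C example that is not krb5 code; the naming scheme and the helper names are assumptions of this illustration:

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Create a uniquely named file in `dir` whose permission bits are fixed at
 * creation time: O_EXCL guarantees we made the file, and passing `mode` to
 * open() means there is never a moment where it exists with wider bits
 * (the process umask can only narrow them). Returns the fd and writes the
 * path to `out`; returns -1 with errno set on failure. The name format is
 * illustrative, not the replay cache's real scheme. */
int create_excl_with_mode(const char *dir, mode_t mode,
                          char *out, size_t outlen)
{
    for (int attempt = 0; attempt < 100; attempt++) {
        int n = snprintf(out, outlen, "%s/rc-%ld-%ld-%d", dir,
                         (long)getpid(), (long)time(NULL), attempt);
        if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
        int fd = open(out, O_RDWR | O_CREAT | O_EXCL, mode);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)   /* EEXIST: someone holds that name, retry */
            return -1;
    }
    errno = EEXIST;
    return -1;
}

/* True if the open file's permission bits are within `mode`, i.e. nothing
 * broader than requested was ever granted on it. */
int fd_mode_within(int fd, mode_t mode)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return (st.st_mode & 07777 & ~mode) == 0;
}

/* Demo: create in the current directory, verify the bits, clean up.
 * Returns 1 on success, 0 on any failure. */
int demo(void)
{
    char path[256];
    int fd = create_excl_with_mode(".", 0644, path, sizeof path);
    if (fd < 0)
        return 0;
    int ok = fd_mode_within(fd, 0644);
    close(fd);
    unlink(path);
    return ok;
}
```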