[gopher] Security problems in gopherd (Was Security alert)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
John and others -
There is also still the remaining issue of several uses of the
tempnam() call in gopherd.c. I've been aware of them and meaning to
fix them for a while, but they seem to store the name of the temp file
in a global called ASKfile. When I was looking at it, I wasn't able
to determine at the time what other dire consequences I'd cause if I
changed to a different call where the tempfilename wasn't stored in
ASKfile, so I haven't changed it yet.
It seems though that in some places particularly for ASK data, that
the daemon stores the response in a temporary file and then lets other
areas of the code reopen and read that. (Hence the need for the temp
filename I think) mkstemp looks like a possible replacement since
there's a way to get the temp filename out of it.
--
David Allen
http://opop.nols.com/
----------------------------------------
DISCLAIMER: Regardless of what you read below, I agree with you.
- [gopher] Security problems in gopherd (Was Security alert),
David Allen <=
|
|
