cvs commit: src/usr.bin/make job.c
Harti Brandt
hartmut.brandt at dlr.de
Tue May 17 07:50:14 PDT 2005
On Tue, 17 May 2005, Alexander Leidinger wrote:
AL>Max Okumoto <okumoto at ucsd.edu> wrote:
AL>
AL>> If I use mkdtemp(), there is a chance that someone with the
AL>> same UID could race to build the fifo. Do we care about
AL>> races with ourselves? Or am I just being toooo paranoid? :-)
AL>
AL>Are you sure? mkdtemp() generates a "random" name like mkstemp() does, so the
AL>race would have existed already before (but the probability is very low that
AL>two make instances generate the same name)...
Yes, I think the race existed before. That's why I put the somewhat fuzzy
security statement into the commit log. I put it so fuzzy, because I'm not
sure we should worry about this. The only thing that could happen is a
kind of DoS attack from a program running under your UID (it could steal
your tokens or insert an unlimited number of tokens) on your make run. This
seems actually not something to worry about.
harti
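
The pattern discussed in this thread, as an added example that is not code from job.c or from anyone in the thread: a FIFO created inside a mkdtemp() directory, then checked after opening. The function name open_private_fifo and the file name "fifo" are assumptions made for illustration. The 0700 directory keeps other UIDs out; a process running under the same UID can still reach the FIFO, which is the case the message above describes.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Create a FIFO inside a fresh mkdtemp() directory and open it.
 * dir_template must end in "XXXXXX" and is overwritten with the real name.
 * Returns an open descriptor, or -1 on failure (hypothetical helper).
 */
int
open_private_fifo(char *dir_template, char *fifo_path, size_t len)
{
	struct stat ps, fs;
	int fd;

	/* mkdtemp() creates the directory with mode 0700: other UIDs cannot
	 * enter it, but any process running under our own UID still can. */
	if (mkdtemp(dir_template) == NULL)
		return (-1);
	if ((size_t)snprintf(fifo_path, len, "%s/fifo", dir_template) >= len)
		goto fail_dir;
	/* mkfifo() fails with EEXIST if the name is already taken. */
	if (mkfifo(fifo_path, 0600) == -1)
		goto fail_dir;
	/* O_RDWR avoids blocking for a peer (works on FreeBSD and Linux;
	 * POSIX leaves O_RDWR on a FIFO undefined). */
	fd = open(fifo_path, O_RDWR | O_NONBLOCK | O_NOFOLLOW);
	if (fd == -1)
		goto fail_fifo;
	/* Confirm the opened object is a FIFO we own and that the path
	 * still names the same inode as the descriptor. */
	if (lstat(fifo_path, &ps) == -1 || fstat(fd, &fs) == -1 ||
	    !S_ISFIFO(fs.st_mode) || fs.st_uid != geteuid() ||
	    ps.st_dev != fs.st_dev || ps.st_ino != fs.st_ino) {
		close(fd);
		goto fail_fifo;
	}
	return (fd);
fail_fifo:
	unlink(fifo_path);
fail_dir:
	rmdir(dir_template);
	return (-1);
}
```

The ownership and inode checks cannot tell our own FIFO from one made by another process with the same UID, so they do not address the same-UID case raised above.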