[m-dev.] for review: fix security holes.

Fergus Henderson fjh at cs.mu.OZ.AU
Fri Mar 27 16:54:13 AEDT 1998


On 26-Mar-1998, Tyson Dowd <trd at stimpy.cs.mu.oz.au> wrote:
> > This is perhaps not ideal, since the name `configure' is not very
> > unique, but that shouldn't be a problem, since mktemp is supposed
> > to be able to deal with such things.
> 
> I think the chances of it misconfiguring because the entire
> configure.XXXXXX namespace is full are low, and it takes a sensible
> course of action anyway (besides if configure.XXXXXX *is* full, maybe
> mktemp is broken anyway).

Yep.

> > > +	TMPFILE=`mktemp /tmp/configure.XXXXXX`
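
Review bot: the `+ TMPFILE=` line does not check mktemp's result where it is assigned, so a failed mktemp leaves TMPFILE empty. Exiting is not required; a `[ -n "$TMPFILE" ]` test before the first use of the variable lets the script fall back instead. The template also hardcodes /tmp; `${TMPDIR-/tmp}/configure.XXXXXX` would honour a user-set temporary directory.
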
> > 
> > It might be better to make that
> > 
> > 	TMPFILE=`mktemp /tmp/configure.XXXXXX` || exit 1
> 
> Why? Won't this exit the configure script if mktemp fails?

Uh, yes, you're right.  I retract that suggestion.

> > 	case $MKTEMP in
> 
> Actually, I think you mean
> 	case "$MKTEMP" in

Yep.

-- 
Fergus Henderson <fjh at cs.mu.oz.au>  |  "I have always known that the pursuit
WWW: <http://www.cs.mu.oz.au/~fjh>  |  of excellence is a lethal habit"
PGP: finger fjh at 128.250.37.3        |     -- the last words of T. S. Garp.


