[11616] in bugtraq
Re: Insecure use of file in /tmp by trn
daemon@ATHENA.MIT.EDU (Todd C. Miller)
Tue Aug 31 23:04:50 1999
Message-Id: <199908300843.CAA29170@xerxes.cs.colorado.edu>
Date: Mon, 30 Aug 1999 02:43:26 -0600
Reply-To: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
From: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
X-To: Shuman <shuman@ANNEXGRP.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Sat, 28 Aug 1999 13:09:09 +0600."
<Pine.BOO.4.04.9908281306590.2468-100000@oubliette.annexgrp.org>
In message <Pine.BOO.4.04.9908281306590.2468-100000@oubliette.annexgrp.org>
so spake Shuman (shuman):
> RedHat includes a mktemp too, its a package by itself. From the look of
> the manpage, it seems to be based on the mktemp that comes with Debian,
> just with one extra option. The option is "-d", which creates a unique
> directory rather than a file.
This is the OpenBSD mktemp(1), I know since I wrote it :-)
RedHat 6.0 ships with an mktemp-1.5 rpm that corresponds to:
$OpenBSD: mktemp.c,v 1.4 1997/06/20 04:17:42 millert Exp $
The current OpenBSD mktemp.c (1.5) is identical with the exception
of a slightly more relaxed copyright. For some reason RedHat doesn't
document the -d option in the main page though. Just to clear up
the confusion...
- todd
