[4406] in bugtraq
Re: A vulnerability in Lynx (all versions)
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon May 5 20:56:32 1997
Date: Mon, 5 May 1997 17:08:30 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: fflush <fflush@SUCKAH.ML.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Mon, 05 May 1997 16:48:30 EDT."
 <Pine.LNX.3.96.970505164226.3982A-100000@suckah.ml.org>

> Fix: Why don't people like using mktemp() or tmpfile() ?

mktemp() isn't a solution, since it is still raceable.
mkstemp() is the solution.

In OpenBSD we've killed about 400 or so of these; some exploitable,
some perhaps not.
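
Added example, not part of the original message: a C program showing why choosing a name first and opening it later is raceable, while the atomic O_CREAT|O_EXCL create that mkstemp() performs is not. The function bytes_redirected(), the global last_open_errno and the file names are constructed for illustration, everything runs inside a private mkdtemp() directory, and the fixed name "scratch" stands in for a name returned by mktemp().

```c
#define _XOPEN_SOURCE 700 /* exposes mkdtemp(), mkstemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
int last_open_errno; /* errno of the most recent open attempt, 0 on success */

/* Constructed scenario inside a private mkdtemp() directory: the chosen temp
 * name is already a symlink to an unrelated file by the time it is opened.
 * mode 0: name chosen first, plain open() later (the mktemp() usage pattern)
 * mode 1: open() with O_CREAT|O_EXCL, the atomic step mkstemp() relies on
 * mode 2: mkstemp() itself
 * Returns the bytes that landed in the unrelated file, or -1 on setup error. */
long bytes_redirected(int mode)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", name[64], other[64], tmpl[64];
    struct stat st;
    int fd; long n = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(name, sizeof name, "%s/scratch", dir); /* stands in for a mktemp() result */
    snprintf(other, sizeof other, "%s/other", dir); /* unrelated file */
    snprintf(tmpl, sizeof tmpl, "%s/scratch.XXXXXX", dir);
    fd = open(other, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0 && close(fd) == 0 && symlink(other, name) == 0) {
        if (mode == 0)
            fd = open(name, O_WRONLY | O_CREAT, 0600);          /* follows the link */
        else if (mode == 1)
            fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600); /* refuses: EEXIST */
        else
            fd = mkstemp(tmpl);              /* fresh name, created atomically */
        last_open_errno = fd < 0 ? errno : 0;
        if (fd >= 0) {
            if (write(fd, "data", 4) != 4) perror("write");
            close(fd);
        }
        if (stat(other, &st) == 0) n = (long)st.st_size;
    }
    unlink(tmpl); unlink(name); unlink(other); rmdir(dir);
    return n;
}

int main(void)
{
    for (int m = 0; m < 3; m++) printf("mode %d: %ld bytes redirected\n", m, bytes_redirected(m));
    return 0;
}
```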