[Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c

Mark Crispin mrc+uw at panda.com
Fri Aug 14 12:34:45 PDT 2009

Previous message: [Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c
Next message: [Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 14 Aug 2009, Bjoern Voigt wrote:

> I see the problem, that the existing "tmpnam" usage may result in an endless

> loop. This unlikely case can occur for instance if /tmp is read-only for any

> reason or 100% full.

I fail to see why this is a problem. If /tmp (or /var/tmp) is unusable,
the system is already crippled until the condition is fixed.

If anything, having programs proceed after such an occurence is detected
problem worse.

That is not the "problem" that the link warning refers to. The link
warning refers to a specific timing race which can be a security issue in
some applications, but is of no consequence in this case.

What's more, boys and girls, IT NEVER IS EXECUTED at all on any modern
system. It is executed ONLY on ancient systems from 20+ years ago which
do not have /dev/urandom.

Stop fretting about non-problems.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.

Previous message: [Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c
Next message: [Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Imap-uw mailing list