[Imap-uw] [PATCH] remove usage of tmpnam() in ssl_unix.c
mrc+uw at panda.com
Fri Aug 14 12:34:45 PDT 2009
On Fri, 14 Aug 2009, Bjoern Voigt wrote:
> I see the problem, that the existing "tmpnam" usage may result in an endless
> loop. This unlikely case can occur for instance if /tmp is read-only for any
> reason or 100% full.
I fail to see why this is a problem. If /tmp (or /var/tmp) is unusable,
the system is already crippled until the condition is fixed.
If anything, having programs proceed after such an occurence is detected
That is not the "problem" that the link warning refers to. The link
warning refers to a specific timing race which can be a security issue in
some applications, but is of no consequence in this case.
What's more, boys and girls, IT NEVER IS EXECUTED at all on any modern
system. It is executed ONLY on ancient systems from 20+ years ago which
do not have /dev/urandom.
Stop fretting about non-problems.
-- Mark --
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
More information about the Imap-uw