This is the mail archive of the
binutils@sourceware.cygnus.com
mailing list for the binutils project.
objdump still uses /tmp insecurely
- To: binutils at sourceware dot cygnus dot com
- Subject: objdump still uses /tmp insecurely
- From: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- Date: Mon, 8 May 2000 13:56:51 +0100 (BST)
- cc: hjl at valinux dot com
objdump sometimes opens temporary files without using O_EXCL.
Testcase: strace objdump -i
Fix: avoid using the deprecated choose_temp_base() from libiberty.
libiberty provides secure temporary file interfaces as well.
Workaround: always set TMPDIR to a non-world-writable directory.
--
Joseph S. Myers
jsm28@cam.ac.uk