Summary: | sys-libs/pwdb <= 0.62 insecure temporary file creation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Romang <zataz> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Romang
2005-05-27 04:28:13 UTC
I think this can be considered safe, there's a big warning there about using it. In general, it's up to developers to use library functions safely (ie, in this case defining _PWDB_LOGFILE if he wants to use the debugging stuff). He's wrong about fopen() failing if the file doesnt exist though, append will still create it, if that's what he meant. |