apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: a security nit
Date Sun, 02 Jun 2002 15:54:22 GMT
At 05:24 AM 6/2/2002, Chuck Murcko wrote:
>Is this warning:
>
>htpasswd.o: In function `main':
>/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): warning: 
>tmpnam() possibly used unsafely; consider using mkstemp()
>
>1) the sort of thing to involve apr in, or

Yes... it has to be portable [although not equally effective on all platforms,
that will depend on the API.]

>It doesn't seem that big a deal to us so I'd opt for 2) which is at least 
>a bit tighter.

It is... that's why it's been left with the warning rather than easily 
closing the
warning with option 2 as you suggested.  As long as the warning remains,
it's a kick in the pants to push us to do it the right way.

Bill



Mime
View raw message