Return-Path: 
 <dev-return-6665-apmail-apr-dev-archive=apr.apache.org@apr.apache.org>
Delivered-To: apmail-apr-dev-archive@apr.apache.org
Received: (qmail 4628 invoked by uid 500); 2 Jun 2002 10:24:38 -0000
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:dev@apr.apache.org>
List-Help: <mailto:dev-help@apr.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@apr.apache.org>
List-Subscribe: <mailto:dev-subscribe@apr.apache.org>
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 4612 invoked from network); 2 Jun 2002 10:24:37 -0000
Date: Sun, 2 Jun 2002 06:24:50 -0400
Mime-Version: 1.0 (Apple Message framework v481)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Subject: a security nit
From: Chuck Murcko <chuck@topsail.org>
To: dev@apr.apache.org
Content-Transfer-Encoding: 7bit
Message-Id: <F8697494-7612-11D6-977B-003065F93D3A@topsail.org>
X-Mailer: Apple Mail (2.481)
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Is this warning:

htpasswd.o: In function `main':
/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): 
warning: tmpnam() possibly used unsafely; consider using mkstemp()

1) the sort of thing to involve apr in, or

2) should I just open()/close() the file before it really gets fopen()ed 
thus:

if((tmp_fd = open(tmp_name, O_RDWR|O_CREAT|O_EXCL, 0600)) < 0)
{
      fprintf(stderr, "tmpfile create failure!\n");
      exit(-1);
}
close(tmp_fd);

which still leaves a narrow timing window of attack but is easily 
portable AFAICS.

3) or just rewrite the thing using open()?

It doesn't seem that big a deal to us so I'd opt for 2) which is at 
least a bit tighter.

Thanks,
Chuck