On Wed, Feb 3, 2010 at 2:58 AM, Peter Maydell <pmayd...@chiark.greenend.org.uk> wrote: > Earl Hood wrote: >>Even though no one has convinced me that my new functions >>still contain the race condition security problem, > > There was a URL in the old linked message I provided; > the problem is in the presence of /tmp/ cleaners (which, > yes, do exist even if there are problems with them).
I missed the /tmp cleaners. Yes, that could be an issue if the cleaner happens to run just as you are running an nmh command and the cleaner is dumb to remove the file even if it is recent, and them some malicious user just happens to be trying to symlink you. I'd have to question the skills of the sys admin that set that up a cleaner that deleted files despite the modtime. My latest changes causes tmp files to be put in user's mail dir if no template is specified. Note, looking more at the code, many commands change the cwd to the user's mail dir. They then call the temp file routine (before my changes and after my changes since I wanted to minimize risk to functionality) so temp files are created in cwd. Therefore, for most commands, temp files were already being placed in the user's mail dir. Where /tmp was getting used were calls to m_tmpfil(). Those calls were replaced with m_mktemp(). In my latest post of m_mktemp.c, I changed the function so m_maildir("") will be used instead of /tmp. --ewh _______________________________________________ Nmh-workers mailing list Nmh-workers@nongnu.org http://lists.nongnu.org/mailman/listinfo/nmh-workers