Joey Hess wrote:
> No, tmpnam generates a name for a file that did not exist at some point
> in time, but that *will* exist in the worst possible state (eg, a
> symlink to something important) when an attacker is targeting your program.
Which is why I'm trying to find a way to get rid of the call
Colin Tuckley wrote:
> tmpnam generates a name for a file which is guaranteed *not* to exist
No, tmpnam generates a name for a file that did not exist at some point
in time, but that *will* exist in the worst possible state (eg, a
symlink to something important) when an attacker is targeting your
Steinar H. Gunderson wrote:
> Why can't you just set up a pipe, fork, connect stdout of the child to one
> end of the pipe, and exec the program?
Thanks, reading about 'pipe' led me to 'popen' which pretty much
automatically does what you suggest.
regards,
Colin
--
Colin Tuckley | [EMAI
On Fri, Dec 29, 2006 at 10:17:55AM +, Colin Tuckley wrote:
> The interpreter allows the user to execute shell commands, this is
> implemented using the "system" call.
>
> [...]
>
> What is the best solution to this problem?
Why can't you just set up a pipe, fork, connect stdout of the child to
I'm doing some work on a Basic Interpreter and will be packaging it for Debian.
The interpreter allows the user to execute shell commands, this is
implemented using the "system" call.
To capture the output from the command " > " is concatenated onto
the end of the user supplied command. The is g
5 matches
Mail list logo
