From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 12353 invoked from network); 16 Oct 2001 03:43:57 -0000 Received: from unknown (HELO sunsite.dk) (130.225.247.90) by ns1.primenet.com.au with SMTP; 16 Oct 2001 03:43:57 -0000 Received: (qmail 26635 invoked by alias); 16 Oct 2001 03:43:43 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 16061 Received: (qmail 26617 invoked from network); 16 Oct 2001 03:43:41 -0000 Date: Mon, 15 Oct 2001 20:42:50 -0700 (PDT) From: Wayne Davison X-Sender: wayne@life.blorf.net To: Clint Adams Cc: zsh-workers@sunsite.dk Subject: Re: O_EXCL (was: How about MODDIR being configure'able?) In-Reply-To: <20011015134107.A17772@dman.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Mon, 15 Oct 2001, Clint Adams wrote: > Hmm.. shouldn't that be O_CREAT|O_EXCL, which we're not doing in > all cases? You are right that O_EXCL (when combined with O_CREAT) is the vital part of the incantation when creating new temp files, but it is not an error that some of our open() calls that include O_CREAT do not use O_EXCL. For instance, the calls that write out the history file need to succeed even if the file already exists, but they also want to succeed when the file doesn't exist. This is not a security problem since (sane) people put their history file into their home dir (or another non-world-writable dir) which is not vulnerable to the "rogue symlink" exploit. The code that creates a file based on the return of mktemp() is all using O_EXCL, so we're OK. ..wayne..