[vlc-devel] [PATCH v2 12/13] record: use vlc_MakeTmpFile (thus mkstemp) instead of tempnam
Rémi Denis-Courmont
remi at remlab.net
Thu Oct 8 21:48:00 CEST 2020
On Wednesday, 7 October 2020, 4.51.22 EEST Lyndon Brown wrote:
> I had no doubt you'd catch any such problem here if there was one. I'm
> not trying to hide the fact that when it came down to completing this
> commit I had some doubts around dealing with the extra FD, with proper
> evaluation requiring a greater understanding than I currently possess of
> this code. It would be very helpful and appreciated if you could
> briefly detail what is needed.

So there's two aspects here: First, there is a race condition, which leads to
a security issue. And then there is a design mistake whereby the filename is
allocated at a different place than it is written, which leads to a file (disk
space) leakage as we cannot delete the file straight away.

To be fair, this patch fixes the first problem, but it only hides the second by
removing the warning.

--
レミ・デニ-クールモン
http://www.remlab.net/
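
The two aspects named in the message above, as an added example that is not part of the original post, the patch, or VLC's code: a name-first open (all that `tempnam` allows) next to `mkstemp`, which creates the file atomically and hands back a descriptor so the name can be unlinked at once. It uses plain POSIX calls rather than `vlc_MakeTmpFile`; the function names and `/tmp` paths are assumptions, and the "other party" is simulated in-process.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Name-first pattern: the name is chosen in one step and opened in a later
 * one. Returns 1 if the open silently reused a file that another party
 * created in between, 0 if it was refused, -1 on setup error. */
int name_first_open(int use_excl)
{
    char dir[] = "/tmp/racedemo-XXXXXX", path[64];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/record.tmp", dir);
    /* Constructed stand-in for the other party winning the race. */
    int other = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (other < 0) { rmdir(dir); return -1; }
    close(other);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | (use_excl ? O_EXCL : 0), 0600);
    int reused = fd >= 0;
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return reused;
}

/* mkstemp() pattern: choosing the name and creating the file are one atomic
 * step, and the caller keeps the descriptor. With the descriptor in hand the
 * name can be unlinked at once, so nothing stays on disk after close().
 * Returns the number of bytes read back through the fd, or -1 on failure. */
long mkstemp_roundtrip(const char *data)
{
    char tmpl[] = "/tmp/record-XXXXXX", buf[256];
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    unlink(tmpl); /* name is gone; storage lives until close(fd) */
    size_t len = strlen(data);
    long n = -1;
    if (access(tmpl, F_OK) != 0 && write(fd, data, len) == (ssize_t)len
        && lseek(fd, 0, SEEK_SET) == 0)
        n = read(fd, buf, sizeof buf);
    close(fd);
    return n;
}

int main(void)
{
    printf("%d %d %ld\n", name_first_open(0), name_first_open(1), mkstemp_roundtrip("hello"));
}
```

When the writer only receives a name and not the descriptor, the early `unlink` is not possible, which is the disk-space leak the message describes.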