[kaffe] File.createTempFile() creates files in /tmp with mode 0666!
Dalibor Topic
robilad at yahoo.com
Fri Mar 7 03:55:01 PST 2003
Hi Mark,
--- Mark J Roberts <mjr at znex.org> wrote:
> Creating /tmp files with mode 0666 is insane. Other users should
> never be able to read or write to your temp files!
thanks, I've checked the patch in.
If you want to look out for other security problems,
it would be interesting to run a static analyser tool
like RATS [1], Flawfinder [2], PScan [3], SPlint [4],
ITS4 [5], or uno [6] on kaffe's sources.
cheers,
dalibor topic
[1] http://www.securesoftware.com/download_rats.htm
[2] http://www.dwheeler.com/flawfinder/
[3] http://www.striker.ottawa.on.ca/~aland/pscan/
[4] http://splint.org/
[5] http://www.cigital.com/its4/
[6] http://cm.bell-labs.com/cm/cs/what/uno/index.html
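
The effect of the creation mode discussed in this thread, shown as an added example that is not part of the original message, the checked-in patch, or Kaffe's source: a C sketch that creates a file with a given open() mode under a given umask and reports the permission bits the file actually receives. The function name perms_after_create and the scratch directory name are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a fresh file inside a private scratch directory using the requested
 * open() mode while the given umask is in force. Returns the permission bits
 * the file ended up with, or -1 on error. (Hypothetical helper.) */
static int perms_after_create(mode_t requested, mode_t mask)
{
    char dir[] = "/tmp/tmpmode-demo-XXXXXX";  /* constructed name */
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)                 /* directory is created 0700 */
        return -1;
    snprintf(path, sizeof path, "%s/f", dir);

    mode_t old = umask(mask);
    /* O_EXCL: fail instead of reusing a file or symlink that already exists. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, requested);
    umask(old);

    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    /* Mode 0666 leaves protection entirely to the caller's umask. */
    printf("0666, umask 000 -> %04o\n", (unsigned)perms_after_create(0666, 0000));
    printf("0666, umask 022 -> %04o\n", (unsigned)perms_after_create(0666, 0022));
    /* Mode 0600 keeps other users out whatever the umask is. */
    printf("0600, umask 000 -> %04o\n", (unsigned)perms_after_create(0600, 0000));
    return 0;
}
```

With mode 0666 the file is world-readable under the common umask 022 and world-writable under umask 000; with mode 0600 only the owner has access in both cases.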