[kaffe] File.createTempFile() creates files in /tmp with mode 0666!

Dalibor Topic robilad at yahoo.com
Fri Mar 7 03:55:01 PST 2003


Hi Mark,

--- Mark J Roberts <mjr at znex.org> wrote:
> Creating /tmp files with mode 0666 is insane. Other
> users should
> never be able to read or write to your temp files!

thanks, I've checked the patch in.

If you want to look out for other security problems,
it would be interesting to run a static analyser tool
like RATS [1], Flawfinder [2], PScan [3], SPlint [4],
ITS4 [5], or uno [6] on kaffe's sources.

cheers,
dalibor topic

[1] http://www.securesoftware.com/download_rats.htm
[2] http://www.dwheeler.com/flawfinder/
[3] http://www.striker.ottawa.on.ca/~aland/pscan/
[4] http://splint.org/
[5] http://www.cigital.com/its4/
[6] http://cm.bell-labs.com/cm/cs/what/uno/index.html


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/




More information about the kaffe mailing list