[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [FWP] Puzzle - Temp file creation

To: fwp@technofile.org
Subject: Re: [FWP] Puzzle - Temp file creation
From: Adam Rice <wysiwyg@glympton.airtime.co.uk>
Date: Fri, 16 Jul 1999 07:23:52 +0100
In-Reply-To: <m3vhbl7t72.fsf@chany-p100.emwp.com>; from Chaim Frenkel on Thu, Jul 15, 1999 at 12:50:57PM -0400
Mail-Followup-To: fwp@technofile.org
References: <199907142208.PAA16980@chinook.halcyon.com> <m3vhbl7t72.fsf@chany-p100.emwp.com>

Quoting Chaim Frenkel (chaimf@pobox.com):
> Okay enlighten me. What am I missing?

I suggest you go find an archive of security advisories and start reading.
It shouldn't take you more than a few messages to start noticing the
patterns.

Buffer overflows and *temp file creation*. Over and over again. Week in,
week out, the same programming errors recurring in the work of hundreds of
different authors.

You may say "but my program isn't security critical!" But history has shown
that any piece of software that is widely used will eventually be
used in a security-critical manner (MS Office is a recent good example of
this).

So, knowing this, why on earth would you risk it? IO::File->new_tmpfile is
there. Use it.

-- 
Adam Rice -- wysiwyg@glympton.airtime.co.uk -- Blackburn, Lancashire, England

==== Want to unsubscribe from Fun With Perl?  Well, if you insist...
==== Send email to <fwp-request@technofile.org> with message _body_
====   unsubscribe

References:
- Re: [FWP] Puzzle - Temp file creation
  - From: Brian "L." Matthews <blm@halcyon.com>
- Re: [FWP] Puzzle - Temp file creation
  - From: Chaim Frenkel <chaimf@pobox.com>

Prev by Date: Re: [FWP] Puzzle - Temp file creation
Next by Date: Fw: [FWP] Puzzle - Temp file creation
Prev by thread: Re: [FWP] Puzzle - Temp file creation
Next by thread: Re: [FWP] Puzzle - Temp file creation
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net