- Subject: Re: lua under FreeBSD
- From: Dietrich.Vogler@... (Christian Vogler)
- Date: Sun, 31 Dec 2000 13:38:01 +0100
> The difference is that clients linking to libc will get the warning not to
> use it, but scripts written in Lua won't. I realize straight ANSI C
> portability is one of Lua's goals, but it would be very nice if Lua did the
> right thing automatically by preventing someone from writing a script that
> makes insecure use of /tmp... Either by using mkstemp() where available,
> or at least by putting out the same warning when someone calls tmpnam().
IIRC from looking at the glibc source code, on Linux tmpnam() is
reasonably safe, because when available it uses /dev/urandom to
generate the file name. But I agree, in general it is dangerous and at
least a warning would be nice.
- Christian
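
The gap between naming a file with tmpnam() and atomically creating it with mkstemp(), shown as an added example that is not part of the original message and is not Lua's code. The helper names make_temp, open_exclusive and demo, and the luaex- prefix, are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkstemp() chooses the name and creates the file in one step
 * (O_CREAT|O_EXCL internally), so nobody else can claim the name between
 * "pick" and "open". Returns an open fd and leaves the name in path. */
int make_temp(char *path, size_t len) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    if ((size_t)snprintf(path, len, "%s/luaex-XXXXXX", dir) >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* Where only a name generator such as tmpnam() exists, the name must still be
 * opened exclusively. O_EXCL makes open() fail with EEXIST if the name is
 * already present, including when it is a symbolic link. */
int open_exclusive(const char *name) {
    return open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Self-check: returns 0 when the file is private to the owner and an
 * exclusive open of the now-existing name is refused. */
int demo(void) {
    char path[1024];
    struct stat st;
    int rc = 0;
    int fd = make_temp(path, sizeof path);
    if (fd < 0) return 1;
    if (fstat(fd, &st) != 0 || (st.st_mode & 0777 & ~0600) != 0) rc = 2;
    int fd2 = open_exclusive(path);      /* name is taken: must fail */
    if (fd2 >= 0) { close(fd2); rc = 3; }
    else if (errno != EEXIST) rc = 4;
    close(fd);
    unlink(path);
    return rc;
}

int main(void) {
    int rc = demo();
    printf("demo: %s\n", rc == 0 ? "ok" : "failed");
    return rc;
}
```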