Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name

"Tor Lillqvist" <tlillqvist -AT- novell.com>
Fri, 15 Jul 2011 01:14:14 -0600

Would that be more acceptable ?


Well, I am not saying they are unacceptable. 

I just wanted a bit of discussion with perhaps somebody actually clueful about security issues 
giving their opinion;)

Quite possibly the checks make good sense, and are not a risk as nobody is going to run LibreOffice 
setuid anyway, which, if I understand correctly, is the main situation where TOCTTOU, especially 
with access() as the "check" phase, is a vulnerability? Is it the only situation?

--tml

Context

[Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Francois Tigeot
- Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Tor Lillqvist
  - Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Francois Tigeot
    - Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Caolán McNamara
      - Re: [Libreoffice] [PATCH] [PUSHED] Simplify a function returning the temporary directory name · Francois Tigeot
  - Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Francois Tigeot
    - Re: [Libreoffice] [PATCH] Simplify a function returning the temporary directory name · Tor Lillqvist

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.