[DRE-maint] Is Ruby's Tempfile secure?
Thijs Kinkhorst
thijs at debian.org
Tue Sep 2 17:28:06 UTC 2008
On Tuesday 2 September 2008 15:51, Michael Schutte wrote:
> As far as I can tell, there is no dangerous race condition in the
> Tempfile implementation (at least in 1.8.5-4etch2 and 1.8.7.22-3, I
> didn’t look at other versions). This is the relevant line from
> tempfile.rb:
Yes, I only read the specification in the documentation which I believe
suggests it's insecure, but the code doesn't seem to match that. So I think
it's good to consider this safe unless proven otherwise.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20080902/4adb2cc2/attachment.pgp
More information about the Pkg-ruby-extras-maintainers
mailing list