* unix/tclUnixPipe.c (TclpCreateTempFile): prevent potential race

	condition and security leak in tmp filename creation.
 	(max) [Patch #402924]

2 files changed, 12 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index a2ebd8f..cf3bd1f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,12 @@
 2001-03-29  Jeff Hobbs  <jeffh@gimlet.activestate.com>
 
+	* unix/tclUnixPipe.c (TclpCreateTempFile): prevent potential race
+	condition and security leak in tmp filename creation.
+ 	(max) [Patch #402924]
+
 	* unix/configure:
 	* unix/tcl.m4: corrected IRIX-5.x config to not use -n32.
- 	(english) [Patch 403626]
+ 	(english) [Patch #403626]
 
 	* unix/tclUnixThrd.c (Tcl_ConditionWait): fixed handling of
 	timeout for threads (corrects excessive CPU usage issue for Tk on
diff --git a/unix/tclUnixPipe.c b/unix/tclUnixPipe.c
index 0b56333..bf5a005 100644
--- a/unix/tclUnixPipe.c
+++ b/unix/tclUnixPipe.c
@@ -10,7 +10,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tclUnixPipe.c,v 1.10 2000/09/06 18:46:13 hobbs Exp $
+ * RCS: @(#) $Id: tclUnixPipe.c,v 1.11 2001/03/29 19:45:20 hobbs Exp $
  */
 
 #include "tclInt.h"
@@ -186,10 +186,15 @@ TclpCreateTempFile(contents)
     Tcl_DString dstring;
     int fd;
 
+    /*
+     * Linux says we should use mkstemp, but Solaris prefers tmpnam.
+     * We should also check against making more then TMP_MAX of these.
+     */
+
     if (tmpnam(fileName) == NULL) {			/* INTL: Native. */
 	return NULL;
     }
-    fd = open(fileName, O_RDWR|O_CREAT|O_TRUNC, 0666);	/* INTL: Native. */
+    fd = open(fileName, O_RDWR|O_CREAT|O_EXCL, 0666);	/* INTL: Native. */
     if (fd == -1) {
 	return NULL;
     }