You *must* use O_EXCL when using mktemp (security issue).

Glad this code never shipped :-). This is not a problem in 2.0.x. Jeremy. (This used to be commit a0c302f4d03ab07d697115fa8520d0cb0b2ba616)
author: Jeremy Allison <jra@samba.org> 2000-03-11 01:02:45 +0000
committer: Jeremy Allison <jra@samba.org> 2000-03-11 01:02:45 +0000
commit: 7b97d056a1deae9e885765153f596e8e30e334b1 (patch)
tree: d7b2af859e8ce7d333b971fe6938092efe1daf1b
parent: d50abdee22f1573890e16bd4f2a70fe2b20b53fe (diff)
download: samba-7b97d056a1deae9e885765153f596e8e30e334b1.tar.gz
samba-7b97d056a1deae9e885765153f596e8e30e334b1.tar.bz2
samba-7b97d056a1deae9e885765153f596e8e30e334b1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b4aefe44c1..ef0b7fad9b 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -2596,7 +2596,7 @@ uint32 _spoolss_startdocprinter( const POLICY_HND *handle, uint32 level,
 	slprintf(tempname,sizeof(tempname)-1, "%s/smb_print.XXXXXX",lp_pathname(snum));  
 	pstrcpy(fname, (char *)mktemp(tempname));
 
-	fd=open(fname, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
+	fd=open(fname, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, S_IRUSR|S_IWUSR );
 	DEBUG(4,("Temp spool file created: [%s]\n", fname));
 
 	Printer->current_jobid=fd;
author	Jeremy Allison <jra@samba.org>	2000-03-11 01:02:45 +0000
committer	Jeremy Allison <jra@samba.org>	2000-03-11 01:02:45 +0000
commit	7b97d056a1deae9e885765153f596e8e30e334b1 (patch)
tree	d7b2af859e8ce7d333b971fe6938092efe1daf1b
parent	d50abdee22f1573890e16bd4f2a70fe2b20b53fe (diff)
download	samba-7b97d056a1deae9e885765153f596e8e30e334b1.tar.gz samba-7b97d056a1deae9e885765153f596e8e30e334b1.tar.bz2 samba-7b97d056a1deae9e885765153f596e8e30e334b1.zip