Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Octave: Document the inherit security risks of tempname and system #1144

Open
alexvong243f opened this issue Jun 22, 2022 · 0 comments
Open

Octave: Document the inherit security risks of tempname and system #1144

alexvong243f opened this issue Jun 22, 2022 · 0 comments
Labels
longterm upstream

Comments

@alexvong243f
Copy link
Collaborator

alexvong243f commented Jun 22, 2022
edited

We should update Octave documentation to state the inherit security risks of tempname and system, similar to how other programming languages do.

Python documentation

A historical way to create temporary files was to first generate a file name with the mktemp() function and then create a file using this name. Unfortunately this is not secure, because a different process may create a file with this name in the time between the call to mktemp() and the subsequent attempt to create the file by the first process. The solution is to combine the two steps and create the file immediately. This approach is used by mkstemp() and the other functions described above.

C library man page

Any user input that is employed as part of command should be carefully sanitized, to ensure that unexpected shell commands or command options are not executed. Such risks are especially grave when using system() from a privileged program.

See also the discussion in #1140.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
longterm upstream
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alexvong243f