...
ENV00-A. Do not store the pointer to the string returned by getenv()
- reverted last edit to restore the solution, not sure how it got deleted - alexv 5/6
...
MEM36-C. Do not store an address into an object with a longer lifetime says it is marked for deletion... does anything need to be done about this? should we move it to the void? -alexv 4/22
...
- integrate the concerns of TMP33-C. Temporary files must be removed before the program exits into TMP30-C. Temporary files must be created with unique and unpredictable file names by reiterating the need to clean up after temp files
- done, but someone else should make sure they like the way I addressed this before deleting TMP33
- then delete it as it is way redundant
- Be clear that there is no good solution for cleaning up after abnormal termination other than using a /tmp directory, but then that violates TMP00-A. Do not create temporary files in shared directories
- There is a trade-off here... use a shared directory and worry more about security, or use a private directory and worry about cleanup
- We need more work on TMP00-A. Do not create temporary files in shared directories
- Explain all the downsides to
chroot jail(copying over DLLs, portability, how it is a HUGE mess, etc) - Demonstrate a good to way to create a private directory that is not as hard as a jail
- Resolve the contradictions inherent between this rec and TMP33.. we say use
}}{{{}{}{}{}{}{}tempnamin one, but say not to use}}{{{}{}{}{}{}{}tmpnamin another, moreover, our rule to use}}{{{}{}{}{}{}{}mkstempor}}{{{}{}{}{}{}{}tmpfile_scontradicts TMP00 since neither guarantee a non-shared directory- use
mkstempand remember to clean up, then everyone is happy
- use
- Explain all the downsides to
...