So in the “Code Review Guidelines” which I wrote a long time back, I quote a bit of code by Peter Guttmann, on how to open a file securely. Last week, Ilja van Sprundel got in touch with me, and said that the lstat/open/fstat chain is insecure, because you can recycle inodes by creating a lot of files. He pointed to an Olaf Kirch bugtraq post.
Bad advice lifetime, seven years:
Revision 1.10 1999/06/01 19:25:49 adam added open comments from Peter
Although, really, I shouldn’t say bad. I should add “What should the programmer do?”