other/2141: set -C in gccbug not portable

other/2141: set -C in gccbug not portable

[Rainer Orth]

>Number:         2141
>Category:       other
>Synopsis:       set -C in gccbug not portable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 01 12:36:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Rainer Orth
>Release:        3.0 20010221 (prerelease)
>Organization:
University of Bielefeld, Faculty of Technology
>Environment:
System: SunOS eiche 5.8 Generic sun4u sparc SUNW,Ultra-250
Architecture: sun4

	
host: sparc-sun-solaris2.8
build: sparc-sun-solaris2.8
target: sparc-sun-solaris2.8
configured with: /vol/gnu/src/gcc/gcc-3.0-branch/configure --prefix=/vol/gcc --with-local-prefix=/vol/gcc --enable-shared --disable-nls
>Description:
gccbug uses set -C to avoid overwriting files with I/O redirection.
Unfortunately, this isn't portable: none of Solaris 2.8, IRIX 6.2, or Tru64 UNIX
V5.1 /bin/sh support it, while bash and ksh do.
>How-To-Repeat:
% /bin/sh ./gccbug
./gccbug: -C: bad option(s)
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted:

Re: other/2141: set -C in gccbug not portable

[Joseph S. Myers]

The following reply was made to PR other/2141; it has been noted by GNATS.

From: "Joseph S. Myers" <jsm28@cam.ac.uk>
To: Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>
Cc: <gcc-gnats@gcc.gnu.org>,  <gcc-bugs@gcc.gnu.org>
Subject: Re: other/2141: set -C in gccbug not portable
Date: Mon, 12 Mar 2001 13:48:35 +0000 (GMT)

 On Mon, 12 Mar 2001, Rainer Orth wrote:
 
 > How about using a different approach: creating a unique temporary directory
 > and storing the gccbug temp files there?  This shouldn't be vulnerable to
 > temp races and doesn't rely on non-portable options either.
 
 It's also more prone to DoS attacks than the mktemp method, so mktemp is
 still preferable on systems that have it.
 
 I presume that any systems on which mkdir fails to return a proper exit
 status (non-zero if the directory already exists) or follows symlinks also
 lack set -C?
 
 -- 
 Joseph S. Myers
 jsm28@cam.ac.uk
 

Re: other/2141: set -C in gccbug not portable

[Richard Earnshaw]

The following reply was made to PR other/2141; it has been noted by GNATS.

From: Richard Earnshaw <rearnsha@arm.com>
To: "Joseph S. Myers" <jsm28@cam.ac.uk>
Cc: Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>, gcc-gnats@gcc.gnu.org,
        gcc-bugs@gcc.gnu.org, Richard.Earnshaw@arm.com
Subject: Re: other/2141: set -C in gccbug not portable 
Date: Mon, 12 Mar 2001 14:08:32 +0000

 > On Mon, 12 Mar 2001, Rainer Orth wrote:
 > 
 > > How about using a different approach: creating a unique temporary directory
 > > and storing the gccbug temp files there?  This shouldn't be vulnerable to
 > > temp races and doesn't rely on non-portable options either.
 > 
 > It's also more prone to DoS attacks than the mktemp method, so mktemp is
 > still preferable on systems that have it.
 > 
 > I presume that any systems on which mkdir fails to return a proper exit
 > status (non-zero if the directory already exists) or follows symlinks also
 > lack set -C?
 
 One or two ideas:
 
 Determine if we are root and refuse to run if there is no safe mktemp or 
 whatever.
 
 Determine if we are root and then use "su nobody" to create the temporary 
 file.
 
 use csh and set the noclobber variable to create the temporary file
 
 
 

Re: other/2141: set -C in gccbug not portable

[Rainer Orth]

The following reply was made to PR other/2141; it has been noted by GNATS.

From: Rainer Orth <ro@TechFak.Uni-Bielefeld.DE>
To: "Joseph S. Myers" <jsm28@cam.ac.uk>
Cc: <gcc-gnats@gcc.gnu.org>, <gcc-bugs@gcc.gnu.org>
Subject: Re: other/2141: set -C in gccbug not portable
Date: Mon, 12 Mar 2001 14:12:03 +0100 (MET)

 Joseph S. Myers writes:
 > On Thu, 1 Mar 2001, Rainer Orth wrote:
 > 
 > > gccbug uses set -C to avoid overwriting files with I/O redirection.
 > > Unfortunately, this isn't portable: none of Solaris 2.8, IRIX 6.2, or
 > > Tru64 UNIX V5.1 /bin/sh support it, while bash and ksh do.
 > 
 > Does this cause gccbug to exit at the set -C, or simply an unsightly error
 > message?
 
 gccbug just exits:
 
 % /bin/uname -a
 OSF1 bartok V5.1 732 alpha
 % /bin/sh ./gccbug 
 ./gccbug: -C: bad option(s)
 % echo $?
 1
 
 > Is there a recommended method to create temporary files securely from
 > shell scripts on these systems?
 
 How about using a different approach: creating a unique temporary directory
 and storing the gccbug temp files there?  This shouldn't be vulnerable to
 temp races and doesn't rely on non-portable options either.
 
 > I think the appropriate fix is for configure to look for a working POSIX
 > shell (such as bash or ksh) on systems lacking the mktemp command and set
 > -C.
 
 I don't think this is an appropriate solution.  Consider systems which lack
 all of those: we shouln't force users of such systems to install bash just
 to produce a gcc bug report.
 
 	Rainer
 
 -----------------------------------------------------------------------------
 Rainer Orth, Faculty of Technology, Bielefeld University
 
 Email: ro@TechFak.Uni-Bielefeld.DE