public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
* ada/4482: Ada: /tmp race condition fixed only partially
@ 2001-10-05 11:06 fw
0 siblings, 0 replies; only message in thread
From: fw @ 2001-10-05 11:06 UTC (permalink / raw)
To: gcc-gnats
>Number: 4482
>Category: ada
>Synopsis: /tmp race condition fixed only partially
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Oct 05 11:06:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Florian Weimer
>Release: 3.1 20011005 (experimental)
>Organization:
>Environment:
*BSD, and probably others.
>Description:
The implementation of __gnat_tmp_name() in ada/adainit.c creates temporary
files safely only on GNU/Linux. (/tmp race conditions are a security
problem.)
>How-To-Repeat:
Compile the following program:
with Ada.Text_IO;
use Ada.Text_IO;
procedure Test_Temp_File is
File : File_Type;
begin
Create (File);
end Test_Temp_File;
and run it under strace or a similar tool to check if the open() system
call for the tempory file uses the O_EXCL flag. If it doesn't,
it's very unlikely that the temporary file is created in a safe manner.
>Fix:
Use mkstemp() on more platforms, or copy the mkstemp() implementation from
GNU libc (which should work on most UNIX-like platforms).
>Release-Note:
>Audit-Trail:
>Unformatted:
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-10-05 11:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-10-05 11:06 ada/4482: Ada: /tmp race condition fixed only partially fw
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).