* Fwd: insight connect window launching issues
@ 2001-07-05 23:36 Niraj Gupta
2001-07-06 8:18 ` Keith Seitz
0 siblings, 1 reply; 2+ messages in thread
From: Niraj Gupta @ 2001-07-05 23:36 UTC (permalink / raw)
To: insight
thx for the quick response, also there was a typo in my email address
here is the additional info
src/tcl/unix/tclUnixPipe.c:188: the use of `tmpnam' is dangerous, better use
`mkstemp'
i guess this is with the use of function tmpnam, which creates tmp filename,
mkstemp doc suugests that is guarantee's unique file name
grep show this functions is used in other places too
regards
niraj
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Fwd: insight connect window launching issues
2001-07-05 23:36 Fwd: insight connect window launching issues Niraj Gupta
@ 2001-07-06 8:18 ` Keith Seitz
0 siblings, 0 replies; 2+ messages in thread
From: Keith Seitz @ 2001-07-06 8:18 UTC (permalink / raw)
To: Niraj Gupta; +Cc: Insight Maling List
On Thu, 5 Jul 2001, Niraj Gupta wrote:
> here is the additional info
>
> src/tcl/unix/tclUnixPipe.c:188: the use of `tmpnam' is dangerous, better use
> `mkstemp'
Linux manpage on tmpnam says "Never use this function. Use mkstemp(3)
instead."
The Solaris page says nothing (other than the multi-threaded app warning).
The OpenBSD manpage, though, says:
tmpnam() and tempnam() are provided for System V and ANSI compatibility
only. These interfaces are typically not used in safe ways. The mk-
stemp(3) interface is strongly preferred.
There are four important problems with these interfaces (as well as with
the historic mktemp(3) interface). First, there is an obvious race be-
tween file name selection and file creation and deletion: the program is
typically written to call tmpnam(), tmpname(), or mktemp(3). Subsequent-
ly, the program calls open(2) or fopen(3) and erroneously opens a file
(or symbolic link, or fifo or other device) that the attacker has placed
in the expected file location. Hence mkstemp(3) is recommended, since it
atomically creates the file.
Second, most historic implementations provide only a limited number of
possible temporary file names (usually 26) before file names will start
being recycled. Third, the System V implementations of these functions
(and of mktemp) use the access(2) function to determine whether or not
the temporary file may be created. This has obvious ramifications for
daemons or setuid/setgid programs, complicating the portable use of these
interfaces in such programs. Finally, there is no specification of the
permissions with which the temporary files are created.
This implementation does not have these flaws, but portable software can-
not depend on that.
For these reasons, ld(8) will output a warning message whenever it links
code that uses the functions tmpnam() or tempnam().
I don't think it's too big a deal, but in the interests of all, I will
send a note out to some of the maintainers/contributors and see what they
say. If they choose to act is up to them.
Thanks for the pointer.
Keith
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-07-06 8:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-07-05 23:36 Fwd: insight connect window launching issues Niraj Gupta
2001-07-06 8:18 ` Keith Seitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).