[Dune] [#914] Warning: the use of `tmpnam' is dangerous, better use `mkstemp'

Dune flyspray at dune-project.org
Thu May 12 07:34:34 CEST 2011


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Patrick Leidenberger (leidenberger) 

Attached to Project - Dune
Summary - Warning: the use of `tmpnam' is dangerous, better use `mkstemp'
Task Type - Bug Report
Category - Grid
Status - New
Assigned To - 
Operating System - Unspecified / All
Severity - Low
Priority - Normal
Reported Version - SVN (pre2.2)
Due in Version - Undecided
Due Date - Undecided
Details - Hi all,

compiling my code, which uses the dgfparser, I got the warning:
warning: the use of `tmpnam' is dangerous, better use `mkstemp'
from the compiler.
This warning is related to:
io/file/dgfparser/dgfparser.cc:1082:    char buffer[ L_tmpnam ]; // supply buffer to make it thread safe
io/file/dgfparser/dgfparser.cc:1083:    return std::string( std::tmpnam( buffer ) );
and as far as I see, Martin introduced this in rev 7326.

Because I didn't know tmpnam I googled it and found some controversial discussions:

[http://bytes.com/topic/c/answers/222683-tmpnam]:
Race conditions: tmpnam() generates a file name that is
not in use at the moment of the call, but there's no
guarantee that some other program might not create such
a file two nanoseconds later, before you get a chance
to use the name tmpnam() built for you.

Security holes: It's at least conceivable that the race
condition mentioned above could be exploited as part of
a penetration of privilege barriers.

[http://www.cygwin.com/ml/libc-alpha/2000-11/msg00184.html]
No, you can use `tmpnam' safely by opening the returned file name with
O_CREAT|O_EXCL.  This is similar to what `mkstemp' does internally.
I've seen applications that do this for portability reasons, as
`mkstemp' is not universally supported.


Can you please comment on your change and what its impact is?

My system:
Standard Ubuntu 10.10 x64 with g++ (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5

Have a nice day
Patrick



More information can be found at the following URL:
http://www.dune-project.org/flyspray/index.php?do=details&task_id=914
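
The two approaches quoted in the report, mkstemp() and opening a generated name with O_CREAT|O_EXCL, are shown side by side in this added example. It is not code from Dune or from the reporter, it assumes a POSIX system, and the function names and the "dgf-example-" file prefix are hypothetical.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

// Create and open a unique file in one atomic step with mkstemp().
// Returns the open descriptor (or -1) and stores the chosen name in `path`.
int open_temp_mkstemp(std::string &path)
{
    const char *dir = std::getenv("TMPDIR");
    std::string tmpl = std::string(dir && *dir ? dir : "/tmp") + "/dgf-example-XXXXXX";
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');              // mkstemp rewrites the XXXXXX in place
    int fd = mkstemp(buf.data());     // name generation and creation are one step
    if (fd >= 0)
        path.assign(buf.data());
    return fd;
}

// Open a name generated elsewhere (e.g. by tmpnam) only if this call creates it.
// With O_CREAT|O_EXCL, open() fails with EEXIST if the name already exists,
// including when it is a symbolic link.
int open_exclusive(const std::string &path)
{
    return open(path.c_str(), O_RDWR | O_CREAT | O_EXCL, 0600);
}

// Simulate the race from the report: the name is taken before we use it.
// Returns true if the exclusive open refused the pre-existing file.
bool exclusive_open_detects_taken_name()
{
    std::string path;
    int fd = open_temp_mkstemp(path); // stands in for the other program
    if (fd < 0)
        return false;
    errno = 0;
    int second = open_exclusive(path);
    bool refused = (second == -1 && errno == EEXIST);
    if (second >= 0)
        close(second);
    close(fd);
    unlink(path.c_str());
    return refused;
}

int main() { return exclusive_open_detects_taken_name() ? 0 : 1; }
```

A caller that only gets the name back as a string, as in the dgfparser.cc lines above, still has to perform the exclusive open itself before writing to the file.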
