From: "Bart Schaefer" <schaefer@candle.brasslantern.com>
To: Wayne Davison <wayned@users.sourceforge.net>,
Peter Stephenson <pws@pwstephenson.fsnet.co.uk>
Cc: Zsh hackers list <zsh-workers@sunsite.auc.dk>
Subject: Re: PATCH: 4.1.0: mkstemp
Date: Sat, 16 Jun 2001 03:07:27 +0000 [thread overview]
Message-ID: <1010616030727.ZM4354@candle.brasslantern.com> (raw)
In-Reply-To: <Pine.LNX.4.33L2.0106151654030.8874-100000@phong.blorf.net>
On Jun 15, 4:56pm, Wayne Davison wrote:
} Subject: Re: PATCH: 4.1.0: mkstemp
}
} On Sat, 16 Jun 2001, Peter Stephenson wrote:
} > gcc has taken to complaining about using mktemp() instead of mkstemp().
}
} Since mkstemp() returns a file handle, not a file name, I reverted the
} code in util.c back to how it was.
You should have made a ChangeLog entry, or deleted PWS's ...
We could, of course, do this:
#ifdef HAVE_MKSTEMP
if (close(mkstemp(ret = dyncat(unmeta(s), "XXXXXX"))) < 0 ||
unlink(ret) < 0)
ret = NULL;
#else
...
strictly for purposes of silencing silly warnings. However, it is the
case that zsh always uses mktemp() safely -- it always opens the file
with O_CREAT|O_EXCL after generating the name, so it'll simply fail if
someone else manages to create the name first; zsh can't be duped into
using a file owned by someone else as long as $TMPPREFIX does not refer
to an NFS filesystem (in which case even mkstemp() is not safe, as far
as I can tell).
I suppose one could conceivably use this behavior to do a crude DoS attack
on a zsh user on systems where mktemp() is predictable. Of course, the
create/unlink trick above makes it possible to actually watch for the name
to appear and then re-create it immediately after it vanishes, which is
probably worse than if it were never created in the first place.
I was just checking through the code that uses gettempname(), and there
is only one instance where we absolutely couldn't use mkstemp() instead:
The case of wanting to create a temporary FIFO. There we'd have to do
an unlink() before the mkfifo(), which makes mkstemp() no improvement.
--
Bart Schaefer Brass Lantern Enterprises
http://www.well.com/user/barts http://www.brasslantern.com
Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net
next prev parent reply other threads:[~2001-06-16 3:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-06-15 23:14 Peter Stephenson
2001-06-15 23:56 ` Wayne Davison
2001-06-16 3:07 ` Bart Schaefer [this message]
2001-06-16 6:24 ` Wayne Davison
2001-06-16 6:48 ` Geoff Wing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1010616030727.ZM4354@candle.brasslantern.com \
--to=schaefer@candle.brasslantern.com \
--cc=pws@pwstephenson.fsnet.co.uk \
--cc=wayned@users.sourceforge.net \
--cc=zsh-workers@sunsite.auc.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).