From owner-freebsd-security Wed Jan 16 7:46:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mafalda.univalle.edu.co (mafalda.univalle.edu.co [200.68.158.10]) by hub.freebsd.org (Postfix) with ESMTP id AE2C037B417 for ; Wed, 16 Jan 2002 07:46:31 -0800 (PST) Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [192.168.18.91]) by mafalda.univalle.edu.co (8.12.1/8.12.1) with ESMTP id g0GDmol7013613 for ; Wed, 16 Jan 2002 08:48:51 -0500 (GMT) Received: from libertad.univalle.edu.co (buliwyf@localhost.univalle.edu.co [127.0.0.1]) by libertad.univalle.edu.co (8.12.1/8.12.1) with ESMTP id g0GDueJI060223 for ; Wed, 16 Jan 2002 08:56:40 -0500 (COT) Received: from localhost (buliwyf@localhost) by libertad.univalle.edu.co (8.12.1/8.12.1/Submit) with ESMTP id g0GDuegA060220 for ; Wed, 16 Jan 2002 08:56:40 -0500 (COT) Date: Wed, 16 Jan 2002 08:56:40 -0500 (COT) From: Buliwyf McGraw To: freebsd-security@FreeBSD.ORG Subject: Re: gets() is unsafe (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Kris Kennaway, and lo! it spake thus: > > * Buliwyf McGraw [020114 14:49] wrote: > > > > > > Hi... i was installing several applications (php,xmms,etc) on my > > > FreeBSD 4.4 server and i got the next message a lot of times when > > > i was compiling: ^^^^^^^^^ > > > /usr/lib/compat/libc.so.3: warning: mktemp() possibly used unsafely; > > > consider using mkstemp() > > > /usr/lib/compat/libc.so.3: warning: tmpnam() possibly used unsafely; > > > consider using mkstemp() [...] > > No, this is a FAQ; it's a bug in the linker which causes it to trip > > every single _warn_references() in the library when it links to libc, > > regardless of whether the program actually uses the functions in > > question. > I think it's an even better FAQ: Why, when he's compiling, is it linking > against a compat/libc? Ok... i have to say that i am not an expert on FreeBSD, just a new admin... I installed FreeBSD 4.4 on my box (in some way, "everything by default")... and then i started to install some applications (apache,php,etc), not with the /stand/sysinstall utility, but in the traditional way: - Download the *.tar.gz - Uncompress, configure, make, make install I expected no problems... but as you can see, the warning messages give an "insecure" sensation. I want to do something to avoid that messages when i try to compile a GNU application. Thanks for your comments and help. ======================================================================= Buliwyf McGraw Administrador del Servidor Libertad Centro de Servicios de Informacion Universidad del Valle ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message