From owner-freebsd-security  Mon May 14  7:26:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sol.serv.u-szeged.hu (sol.serv.u-szeged.hu [160.114.51.3])
	by hub.freebsd.org (Postfix) with ESMTP id 19C5D37B422
	for <freebsd-security@freebsd.org>; Mon, 14 May 2001 07:26:09 -0700 (PDT)
	(envelope-from sziszi@petra.hos.u-szeged.hu)
Received: from petra.hos.u-szeged.hu by sol.serv.u-szeged.hu (8.9.3+Sun/SMI-SVR4)
	id QAA29949; Mon, 14 May 2001 16:26:07 +0200 (MEST)
Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian))
	id 14zJIT-0000Qx-00
	for <freebsd-security@FreeBSD.org>; Mon, 14 May 2001 16:26:05 +0200
Date: Mon, 14 May 2001 16:26:05 +0200
From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>
To: freebsd-security@FreeBSD.org
Subject: Re: Warnings while compiling Samba
Message-ID: <20010514162605.C3213@petra.hos.u-szeged.hu>
Mail-Followup-To: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>,
	freebsd-security@FreeBSD.org
References: <3AFFE661.5D6015EA@comune.arzignano.vi.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3AFFE661.5D6015EA@comune.arzignano.vi.it>; from fathom@comune.arzignano.vi.it on Mon, May 14, 2001 at 04:06:25PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, May 14, 2001 at 04:06:25PM +0200, Francesco Toscan wrote:
> Hi,
> 
> last night i decided to turn that old 486 into a Samba server for my
> internal network.
> I cvsupped to 4.3-STABLE, synched my source and ports tree and then
> compiled samba-devel from ports.
> make goes fine and servers work well as expected, but during compilation
> i noticed several warnings like this:
> 
> lib/util.o: In function `smbd_mktemp':
> lib/util.o(.text+0x28d8): warning: mktemp() possibly used unsafely;
> consider using mkstemp()
> 
> Now, servers work, but should i be concerned about any security issues
> derivating from these warnings?

Hello,

This warning is always triggered if the linker encounters this function
name since often it is used unsafely and since FreeBSD provides a better
alternative. But this is for the programmer/porter who might consider if he
better swap mktemp() to mkstemp() or not. Unfortunately, it is not as easy
as switching the two words... so I do not think you should be very
concerned about this. 

-- 
Regards:

Szilveszter ADAM
Szeged University
Szeged Hungary

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message