From owner-freebsd-security  Fri Jun  8 14: 6:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8])
	by hub.freebsd.org (Postfix) with ESMTP id ECCC637B401
	for <security@FreeBSD.ORG>; Fri,  8 Jun 2001 14:06:48 -0700 (PDT)
	(envelope-from bright@superconductor.rush.net)
Received: (from bright@localhost)
	by superconductor.rush.net (8.11.2/8.11.2) id f58L6FV21153;
	Fri, 8 Jun 2001 17:06:15 -0400 (EDT)
Date: Fri, 8 Jun 2001 17:06:14 -0400
From: Alfred Perlstein <bright@rush.net>
To: Michael Tang Helmeste <glassfish@frogbox.dyndns.org>
Cc: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>,
	security@FreeBSD.ORG
Subject: Re: Unsafe Message
Message-ID: <20010608170613.I1832@superconductor.rush.net>
References: <Pine.BSF.4.21.0106072126530.58539-100000@libertad.univalle.edu.co> <GLECJJEOFFBMALIKCDHIEEBCCBAA.glassfish@glassfish.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0us
In-Reply-To: <GLECJJEOFFBMALIKCDHIEEBCCBAA.glassfish@glassfish.net>; from glassfish@frogbox.dyndns.org on Fri, Jun 08, 2001 at 04:26:14PM -0400
X-all-your-base: are belong to us.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Please trim your messages, please get a mail client that quotes
messages properly.

> > On Thu, Jun 07, 2001 at 08:32:32PM -0500, Buliwyf McGraw wrote:
> > >  Everytime that i compile something on my server, i get this message:
> > >
> > >  warning: tmpnam() possibly used unsafely; consider using mkstemp()
> > >
> > >  What it means?

* Michael Tang Helmeste <glassfish@frogbox.dyndns.org> [010608 16:26] wrote:
> Well, this may be changed in newer versions of the library, or you could go
> into the code yourself and change it. Personally I don't like going into
> other people's code, but if you really want to fix this, then the best of
> luck to you :)
> Theres not much other answer that I can provide other than this, sorry.

tmpnam() is unsafe because it only gives you a name in memory, the file
name that it generates is still not actually created so if you go ahead
and blindly create/open the filename you get back from tmpnam() you may
loose a race against something else trying to dupe you into opening or
clobbering something you shouldn't.

mkstemp() is safe because it actually generates the file for you and
creates it with reasonable permissions:
     The mkstemp() function makes the same replacement to the template and
     creates the template file, mode 0600, returning a file descriptor opened
     for reading and writing.  This avoids the race between testing for a
     file's existence and opening it for use.

This has been discussed on many lists, many times in the past.

-- 
-Alfred Perlstein [alfred@freebsd.org]
Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message