Date: Mon, 20 Nov 2000 10:53:27 +0100
From: Brad Knowles <blk@skynet.be>
To: FreeBSD audit mailing list <audit@FreeBSD.ORG>
Subject: Possible unsafe uses of mktemp() found during "make buildworld"...
Message-ID: <v04220807b63ea24a1d11@[195.238.1.121]>

Folks,

I don't know if this is interesting at all or not, but I recently discovered a number of "warning: mktemp() possibly used unsafely; consider using mkstemp()" type errors during a recent "make buildworld", and I thought it might be of use to provide that information here.

The command I ran to generate the output (under bash) is:

    $ cd /usr/src
    $ make update
    $ make buildworld > /var/log/make.buildworld 2>&1 &

To pull the mkstemp warnings out, the command pipeline that I finally settled on is:

    $ cd /var/log
    $ grep -i mkstemp\(\) make.buildworld | cut -f 1 -d ' ' | sort -u

The output is:

    bucomm.o(.text+0x35b):
    choose-temp.o(.text+0x13e):
    crunchgen.o(.text+0x204):
    ctm_pass2.o(.text+0x7fa):
    eval.o(.text+0x417):
    indxbib.o(.text+0x40b):
    main.o(.text+0x33a):
    mk-amd-map.o(.text+0x575):
    mount_portal.o(.text+0xeb):
    patch.o(.text+0xc8):
    printjob.o(.text+0xf1):
    quit.o(.text+0xb76):
    rcsedit.o(.text+0x1936):
    rcsfnms.o(.text+0xd0):
    sdiff.o(.text+0x10c7):
    tables.o(.text+0x348):
    texindex.o(.text+0xbd):
    xlint.o(.text+0x4b2):
    xstr.o(.text+0xbe):
    yppasswdd_server.o(.text+0xba9):

Without the `sort -u` at the end, on my FreeBSD 4.2-BETA machine (cvsupped this past Saturday evening), this runs to 49 lines of output.

I know that mktemp() can be safely used, but I was surprised at the number of times that this warning showed up during a "make buildworld". I was especially surprised the first time I noticed this, when I had directed stdout to a file, but saw all these unexpected warnings pop up.

Anyway, if this isn't useful, please let me know. I just thought that it was rather unsettling, and that perhaps folks on this list might be interested.

--
These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blk@skynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
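
Added example, not part of the original e-mail and not FreeBSD source code: the linker warning quoted in the message concerns the gap between choosing a temporary name and opening it. The C program below opens a pre-chosen name with and without O_EXCL and compares that with mkstemp(); the /tmp/mktemp-demo.XXXXXX template and all function names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* A name chosen in advance (as mktemp() does) and opened afterwards.
 * Without O_EXCL whatever already sits at that name is silently reused;
 * with O_EXCL the open fails with EEXIST if anything, including a
 * symlink, is already there. */
int open_chosen_name(const char *path, int exclusive) {
    int flags = O_WRONLY | O_CREAT | (exclusive ? O_EXCL : O_TRUNC);
    return open(path, flags, 0600);
}

/* Returns 1 when the non-exclusive open reuses an existing file and the
 * exclusive open refuses it; -1 if the setup itself failed. */
int demo_preexisting_name(void) {
    char path[] = "/tmp/mktemp-demo.XXXXXX"; /* constructed name */
    int planted = mkstemp(path); /* stands in for a file made by someone else */
    if (planted < 0) return -1;
    int fd_unsafe = open_chosen_name(path, 0);
    int fd_excl = open_chosen_name(path, 1);
    int ok = fd_unsafe >= 0 && fd_excl == -1 && errno == EEXIST;
    if (fd_unsafe >= 0) close(fd_unsafe);
    if (fd_excl >= 0) close(fd_excl);
    close(planted);
    unlink(path);
    return ok;
}

/* mkstemp() names and creates the file in one step; report its mode bits. */
int mkstemp_mode(void) {
    char path[] = "/tmp/mktemp-demo.XXXXXX"; /* constructed name */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    printf("unsafe open reused file, O_EXCL refused: %d; mkstemp mode: %o\n",
           demo_preexisting_name(), (unsigned)mkstemp_mode());
    return 0;
}
```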