From owner-cvs-all  Tue Oct 20 09:29:10 1998
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA04070
          for cvs-all-outgoing; Tue, 20 Oct 1998 09:29:10 -0700 (PDT)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.15.68.22])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA04053;
          Tue, 20 Oct 1998 09:29:03 -0700 (PDT)
          (envelope-from bde@godzilla.zeta.org.au)
Received: (from bde@localhost)
	by godzilla.zeta.org.au (8.8.7/8.8.7) id CAA15294;
	Wed, 21 Oct 1998 02:28:35 +1000
Date: Wed, 21 Oct 1998 02:28:35 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199810201628.CAA15294@godzilla.zeta.org.au>
To: bde@zeta.org.au, peter@netplex.com.au
Subject: Re: cvs commit: src/lib/libc/stdio mktemp.c
Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

>> Yes, any change breaks:
>> 
>> 	/*
>> 	 * Prevent even ourself from easily accessing the tmp file except
>> 	 * via the fd returned by mkstemp().  Dont ask why :-).
>> 	 */
>> 	umask(0777);
>> 	fd = mkstemp(foo);
>
>man mkstemp:
>     The mkstemp() function makes the same replacement to the template and
>     creates the template file, mode 0600, returning a file descriptor opened
>                                     ^^^^
>     for reading and writing.  This avoids the race between testing for a
>     file's existence and opening it for use.

man creat.  It's not clear that creation has its English meaning or the
technical one of creat.  I trust the code more than the man page.

>A specfic mode is specified, your example is broken, especially on NFS.  
>The way to implement what you want is:
>
>     fd = mkstemp(foo);
>     unlink(foo);

This has a race between the mkstemp() and the unlink().

>or, if you want a FILE * in the end, use "fp = tmpfile();"

Hmm.  POSIX specifies that tmpfile() shall allocate the fd as fopen()
does (and that fopen() shall allocate it as open() does).  This seems
to require honouring the umask.

>Yes, you are right, nvi is going gaga.  However, mkstemp() is still 
>broken, it does not behave as specified.  This interface is not one we 
>"own" and we cannot change it.

Who owns it?  The Linux (Redhat version mumble) man page says that
mkstemp() conforms to BSD 4.3 and creates the file with permissions
0666.  glibc-2.0.5c uses the same O_EXCL open as us except for using
this insecure mode.

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message