From owner-freebsd-current Thu Jan 13 9:31:33 2000 Delivered-To: freebsd-current@freebsd.org Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74]) by hub.freebsd.org (Postfix) with ESMTP id 18C4F15117; Thu, 13 Jan 2000 09:31:28 -0800 (PST) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.9.3/8.9.3) with ESMTP id JAA08606; Thu, 13 Jan 2000 09:29:59 -0800 (PST) (envelope-from jdp@polstra.com) From: John Polstra Received: (from jdp@localhost) by vashon.polstra.com (8.9.3/8.9.1) id JAA75664; Thu, 13 Jan 2000 09:29:59 -0800 (PST) (envelope-from jdp@polstra.com) Date: Thu, 13 Jan 2000 09:29:59 -0800 (PST) Message-Id: <200001131729.JAA75664@vashon.polstra.com> To: obrien@freebsd.org Subject: Re: RFC: buildworld breakage due to cross-tools/libc/mktemp. In-Reply-To: <20000112211625.A21988@dragon.nuxi.com> References: <20000112172213.Z302@sturm.canonware.com> <200001130300.TAA74514@vashon.polstra.com> <20000112211625.A21988@dragon.nuxi.com> Organization: Polstra & Co., Seattle, WA Cc: current@freebsd.org Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In article <20000112211625.A21988@dragon.nuxi.com>, David O'Brien wrote: > On Wed, Jan 12, 2000 at 07:00:01PM -0800, John Polstra wrote: > > > I _really_ don't like it when a program reaches waaaaaaay over into an > > unrelated directory for its sources. > > We already do that all over the place. :-) We do it in a few places, but not many. That doesn't make it a good practice, anyway. Those few places where it is done have been responsible for more than their share of unpleasant surprises in the form of make world breakage. > > I'd rather have a few duplicated sources. > > I dissagree. Then we have the problem of fixing a PR/bug in one source > but not the other. Such duplicated routines should be few in number and simple in function. Compilers don't need much support from the underlying OS. All they do is read files, perform various transformations on them, and write out the results. You don't need anything beyond what ANSI/ISO C provides to accomplish that. It is not ideal to have some duplicated code, but the alternative is worse. > The use/making of temperary files is already a security issue. I > can just see it happen that someone fixes a problem with one copy of > the source and then we find we still have some vulerabiltity because > the second copy wasn't known/found/fixed. Come on, this is the compiler we're talking about. I seriously doubt there are any real-life security issues there. If there are, then you duplicate mkstemp. Surely it isn't such a complicated function that that can't be done reliably. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message