We have had some (security-relevant) warning regressions for the following two programs in tools:
winegcc.o: In function `get_temp_file': /test/wine/tools/winegcc.c:119: warning: tempnam() possibly used unsafely; consider using mkstemp() winewrap.o: In function `main': /test/wine/tools/winewrap.c(.text+0x7fe): warning: tempnam() possibly used unsafely; consider using mkstemp()
Would you mind using mkstemp() instead of tempnam()?
Gerald
On February 1, 2003 03:31 am, Gerald Pfeifer wrote:
We have had some (security-relevant) warning regressions for the following two programs in tools:
There's no regression -- these utilities have been using tempnam() from their very beginnings... :)
Would you mind using mkstemp() instead of tempnam()?
I'm afraid that's not possible. I need a file name to pass to other processes, not a file descriptor. Any other suggestions?
On Sun, Feb 02, 2003 at 06:12:06PM -0500, Dimitrie O. Paun wrote:
On February 1, 2003 03:31 am, Gerald Pfeifer wrote:
We have had some (security-relevant) warning regressions for the following two programs in tools:
There's no regression -- these utilities have been using tempnam() from their very beginnings... :)
Would you mind using mkstemp() instead of tempnam()?
I'm afraid that's not possible. I need a file name to pass to other processes, not a file descriptor. Any other suggestions?
mkstemp returns both filename and descriptor, it modifies the passed argument array. There is just the caveat that it needs the filename to end with XXXXXX.
Ciao, Marcus
On February 3, 2003 12:57 am, Marcus Meissner wrote:
mkstemp returns both filename and descriptor, it modifies the passed argument array. There is just the caveat that it needs the filename to end with XXXXXX.
Thanks, but in all honesty, I don't think this is such a big security issue. If someone feels strong enough about it, please submit a patch. I just don't have the time to do it.
-
Dimitrie O. Paun -
Gerald Pfeifer -
Marcus Meissner