Marcus Meissner meissner@suse.de writes:
Check for mkstemp, added a port implementation if it is not present. Use mkstemp() in various places needing tmp files.
I'm not sure this is a good idea, mkstemp() is apparently buggy in old libc versions. tmpnam() is actually pretty reasonable assuming it is used correctly, which of course is not the case everywhere but that could be fixed.
On Fri, Jul 26, 2002 at 01:21:05PM -0700, Alexandre Julliard wrote:
I'm not sure this is a good idea, mkstemp() is apparently buggy in old libc versions.
What do you mean by buggy? Is the result wrong or are the security features not working correctly? What are "old" libc versions?
tmpnam() is actually pretty reasonable assuming it is used correctly, which of course is not the case everywhere but that could be fixed.
Depending on your answer to the questions above, I think the approach Marcus took was the right one. If need be, there could always be a configure check for the buggy implementation.
ciao Jörg
-- Joerg Mayer jmayer@loplof.de I found out that "pro" means "instead of" (as in proconsul). Now I know what proactive means.
On Fri, Jul 26, 2002 at 01:21:05PM -0700, WINE wrote:
Marcus Meissner meissner@suse.de writes:
Check for mkstemp, added a port implementation if it is not present. Use mkstemp() in various places needing tmp files.
I'm not sure this is a good idea, mkstemp() is apparently buggy in old libc versions. tmpnam() is actually pretty reasonable assuming it is used correctly, which of course is not the case everywhere but that could be fixed.
This has been some time ago, and those old libc versions should not be used anymore for security reasons.
If you have a description on what was broken I can whip up a configure check though.
Ciao, Marcus
Marcus Meissner meissner@suse.de writes:
This has been some time ago, and those old libc versions should not be used anymore for security reasons.
Well the man page says "Don't use this function", and if it's broken in old glibc it can be broken on other systems too. I think it's safer to do the open ourselves, especially since this is pretty trivial to do.
If you have a description on what was broken I can whip up a configure check though.
The bug is that the temp file is created with mode 0666. But you can't do a configure check for a run-time feature/bug anyway.
On Sat, Jul 27, 2002 at 09:13:09AM -0700, Alexandre Julliard wrote:
Marcus Meissner meissner@suse.de writes:
This has been some time ago, and those old libc versions should not be used anymore for security reasons.
Well the man page says "Don't use this function", and if it's broken in old glibc it can be broken on other systems too. I think it's safer to do the open ourselves, especially since this is pretty trivial to do.
I think X11 is pretty arcane and not very flexible. Thus we should probably write our own display interface. And last time I checked, Linux froze my whole system due to sound bugs, and as they don't fix it, Linux is totally unreliable, so let's write our own sound hardware driver for Wine (and thus of course replace the whole OS).
That ok for you ?
I guess not. Modularity is there for a reason, so if we can make use of it, we should.
Now if the phrase "Don't use this function" does have some real reason for its existence, then we should rewrite the functionality, of course. (note that some people believe that man pages are always outdated) Otherwise just use that function, I'd say...
(OTOH it's pretty small, so maybe really give up and just write our own)
On Sat, Jul 27, 2002 at 09:13:09AM -0700, Alexandre Julliard wrote:
The bug is that the temp file is created with mode 0666. But you can't do a configure check for a run-time feature/bug anyway.
Well, this bug doesn't really matter. If it matters, people will long have installed a fixed libc, if they don't care, it doesn't matter. There are tons of programs out there that use this function, why should wine be the one application that cares about the existence of old bugs. You are right about checking for runtime bugs, though.
ciao Jörg
-- Joerg Mayer jmayer@loplof.de I found out that "pro" means "instead of" (as in proconsul). Now I know what proactive means.
On Sat, Jul 27, 2002 at 09:13:09AM -0700, WINE wrote:
Marcus Meissner meissner@suse.de writes:
This has been some time ago, and those old libc versions should not be used anymore for security reasons.
Well the man page says "Don't use this function", and if it's broken in old glibc it can be broken on other systems too. I think it's safer to do the open ourselves, especially since this is pretty trivial to do.
Actually there are a lot of programs using mkstemp now and it would be terrible if they were all broken.
If you have a description on what was broken I can whip up a configure check though.
The bug is that the temp file is created with mode 0666. But you can't do a configure check for a run-time feature/bug anyway.
According to my manpage this was fixed in glibc 2.0.7, which was released 3 years ago.
I do not see why we should not use mkstemp, it is one of the canonical ways of creating tempfiles throughout the security community.
Ciao, Marcus
Marcus Meissner meissner@suse.de writes:
I do not see why we should not use mkstemp, it is one of the canonical ways of creating tempfiles throughout the security community.
Well, I don't like it, but since apparently everybody else does I've applied the patch anyway...
-
Alexandre Julliard -
Andreas Mohr -
Joerg Mayer -
Marcus Meissner