This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [Ada] [Security] Patch for buffer overflow in __gnat_tmp_name()
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: dewar at gnat dot com (Robert Dewar)
- Cc: gcc-patches at gcc dot gnu dot org, bosch at gnat dot com
- Date: Sun, 10 Feb 2002 23:27:38 +0100
- Subject: Re: [Ada] [Security] Patch for buffer overflow in __gnat_tmp_name()
- References: <20020210215941.19239F28CD@nile.gnat.com>
dewar@gnat.com (Robert Dewar) writes:
> I am a little dubious about the TMPDIR removal here, since it seems quite
> useful to be able to do this redirection. The fact that some feature can
> be used in an inappropriate manner seems a bit of a dubious reason for
> its removal if it is useful.
I understand your point. However, honoring the TMPDIR environment
variable makes the I/O part of the Ada runtime unsuitable for
set-user-ID programs, so this removes a feature, too. ;-)
Perhaps we should implement a subprogram which permits setting the
directory? The programmer can then set the directory to the value of
the TMPDIR environment variable, if he wants to.