This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [Ada] [Security] Patch for buffer overflow in __gnat_tmp_name()

From: Florian Weimer <fw at deneb dot enyo dot de>
To: dewar at gnat dot com (Robert Dewar)
Cc: gcc-patches at gcc dot gnu dot org, bosch at gnat dot com
Date: Sun, 10 Feb 2002 23:27:38 +0100
Subject: Re: [Ada] [Security] Patch for buffer overflow in __gnat_tmp_name()
References: <20020210215941.19239F28CD@nile.gnat.com>

dewar@gnat.com (Robert Dewar) writes:

> I am a little dubious about the TMPDIR removal here, since it seems quite
> useful to be able to do this redirection. The fact that some feature can
> be used in an inappropriate manner seems a bit of a dubious reason for
> its removal if it is useful.

I understand your point.  However, honoring the TMPDIR environment
variable makes the I/O part of the Ada runtime unsuitable for
set-user-ID programs, so this removes a feature, too. ;-)

Perhaps we should implement a subprogram which permits setting the
directory?  The programmer can then set the directory to the value of
the TMPDIR environment variable, if he wants to.

References:
- Re: [Ada] [Security] Patch for buffer overflow in __gnat_tmp_name()
  - From: Robert Dewar

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]