This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: PATCH: remove dot_rdg

On Wed, 16 Dec 2009, Dave Korn wrote:

>   I'm inferring it's a race condition problem with the /tmp/rdg.dot file we're
> talking about here.  I can just about imagine two users on the same shared
> system and one of them socially engineering the other into debugging a
> carefully-crafted compiler-crashing testcase that might hopefully prompt them
> to call dot_rdg whilst running a symlink-racer to seize control of the file
> when they create it, but I couldn't think of a remote way to exploit it; it's
> a fairly low risk vulnerability, as far as I can see.
> 
>   If we wanted to fix it, libiberty has mkstemp for us, IIRC.

The proper fix (if you wish to keep this functionality) is still to make 
this a normal dump file, whose name is based on that of the source file in 
the normal way, leaving it up to the user to view the dump file how they 
wish.

-- 
Joseph S. Myers
joseph@codesourcery.com
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]