This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Libiberty for VMS - mkstemps.c don't mix case

DJ Delorie wrote: 
As a target maintainer, it's up to you to decide what the security
risks are, and how relevent they are to your platform.  My job is to
make sure you've thought of them :-)

If we can come up with a generic solution that works right for all
host environments, that's great.  If not, you get to decide how much
hacking you want to do for yours.  I think you'll get arguments if you
expect everyone else to assume their environment is not posix, though.


Right, maybe you can help me understand the risks on VMS.

Going back to the existing behavior make_temp_file will create a new file since the test for existence is not version specific, it will ways be version 1. Toplev.c in w+b mode with create a new file with the same name, but with version 2 and output the assembly. Gas, when called will open the newest version file for it's input.

What is the risk? Well seems like a hacker could insert a version 3 of the .s file during the time cc1 is working and gas would not be the wiser. Cc1 or Gnat1 could potentially run for a long time so there's significant window of opportunity.

Am I thinking about this correctly?

--Doug

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]