ada/4482: Ada: /tmp race condition fixed only partially
fw@deneb.enyo.de
fw@deneb.enyo.de
Fri Oct 5 11:06:00 GMT 2001
>Number: 4482
>Category: ada
>Synopsis: /tmp race condition fixed only partially
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Oct 05 11:06:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Florian Weimer
>Release: 3.1 20011005 (experimental)
>Organization:
>Environment:
*BSD, and probably others.
>Description:
The implementation of __gnat_tmp_name() in ada/adainit.c creates temporary
files safely only on GNU/Linux. (/tmp race conditions are a security
problem.)
>How-To-Repeat:
Compile the following program:
with Ada.Text_IO;
use Ada.Text_IO;
procedure Test_Temp_File is
File : File_Type;
begin
Create (File);
end Test_Temp_File;
and run it under strace or a similar tool to check if the open() system
call for the tempory file uses the O_EXCL flag. If it doesn't,
it's very unlikely that the temporary file is created in a safe manner.
>Fix:
Use mkstemp() on more platforms, or copy the mkstemp() implementation from
GNU libc (which should work on most UNIX-like platforms).
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the Gcc-prs
mailing list