This is the mail archive of the
binutils@sourceware.cygnus.com
mailing list for the binutils project.
Re: objdump still uses /tmp insecurely
- To: "Joseph S. Myers" <jsm28 at cam dot ac dot uk>
- Subject: Re: objdump still uses /tmp insecurely
- From: "H . J . Lu" <hjl at valinux dot com>
- Date: Mon, 8 May 2000 08:56:33 -0700
- Cc: binutils at sourceware dot cygnus dot com
- References: <Pine.SOL.4.21.0005081343290.2336-100000@red.csi.cam.ac.uk>
On Mon, May 08, 2000 at 01:56:51PM +0100, Joseph S. Myers wrote:
> objdump sometimes opens temporary files without using O_EXCL.
>
> Testcase: strace objdump -i
>
> Fix: avoid using the deprecated choose_temp_base() from libiberty.
> libiberty provides secure temporary file interfaces as well.
>
How about this patch?
H.J.
--
2000-05-08 H.J. Lu (hjl@gnu.org)
* choose-temp.c (choose_temp_base): Make it
make_temp_file (NULL).
Index: choose-temp.c
===================================================================
RCS file: /work/cvs/gnu/binutils/libiberty/choose-temp.c,v
retrieving revision 1.1.1.3
diff -u -p -r1.1.1.3 choose-temp.c
--- choose-temp.c 2000/02/24 19:11:27 1.1.1.3
+++ choose-temp.c 2000/05/08 15:55:22
@@ -92,54 +92,15 @@ try (dir, base)
}
/* Return a prefix for temporary file names or NULL if unable to find one.
- The current directory is chosen if all else fails so the program is
- exited if a temporary directory can't be found (mktemp fails).
- The buffer for the result is obtained with xmalloc.
+ The current directory is chosen if all else fails. The buffer for
+ the result is obtained with xmalloc. */
- This function is provided for backwards compatability only. It use
- is not recommended. */
-
char *
choose_temp_base ()
{
- char *base = 0;
- char *temp_filename;
- int len;
- static char tmp[] = { DIR_SEPARATOR, 't', 'm', 'p', 0 };
- static char usrtmp[] = { DIR_SEPARATOR, 'u', 's', 'r', DIR_SEPARATOR, 't', 'm', 'p', 0 };
-
- base = try (getenv ("TMPDIR"), base);
- base = try (getenv ("TMP"), base);
- base = try (getenv ("TEMP"), base);
-
-#ifdef P_tmpdir
- base = try (P_tmpdir, base);
-#endif
-
- /* Try /usr/tmp, then /tmp. */
- base = try (usrtmp, base);
- base = try (tmp, base);
-
- /* If all else fails, use the current directory! */
- if (base == 0)
- base = ".";
-
- len = strlen (base);
- temp_filename = xmalloc (len + 1 /*DIR_SEPARATOR*/
- + strlen (TEMP_FILE) + 1);
- strcpy (temp_filename, base);
-
- if (len != 0
- && temp_filename[len-1] != '/'
- && temp_filename[len-1] != DIR_SEPARATOR)
- temp_filename[len++] = DIR_SEPARATOR;
- strcpy (temp_filename + len, TEMP_FILE);
-
- mktemp (temp_filename);
- if (strlen (temp_filename) == 0)
- abort ();
- return temp_filename;
+ return make_temp_file (NULL);
}
+
/* Return a temporary file name (as a string) or NULL if unable to create
one. */