"dangerous" warning question

NightStrike nightstrike@gmail.com
Sun Jul 15 06:12:00 GMT 2007


On 7/14/07, Brian Dessent <brian@dessent.net> wrote:
> NightStrike wrote:
>
> > When compiling binutils, I receive this warning:
> >
> > ../../src/libiberty/choose-temp.c:68: warning: the use of `mktemp' is
> > dangerous, better use `mkstemp'
> >
> > Is this something I can do anything about, such as via a configure
> > option?  What exactly does this mean?
>
> This is a warning from glibc.  It's telling you that you're building
> code that uses the mktemp function which is considered dangerous by
> design due to the race condition inherent between when the filename is
> checked for existance and its subsequent open().  libiberty acknowledges
> this deficiency:
>
> > @deftypefn Extension char* choose_temp_base (void)
> >
> > Return a prefix for temporary file names or @code{NULL} if unable to
> > find one.  The current directory is chosen if all else fails so the
> > program is exited if a temporary directory can't be found (@code{mktemp}
> > fails).  The buffer for the result is obtained with @code{xmalloc}.
> >
> > This function is provided for backwards compatibility only.  Its use is
> > not recommended.
>
> It's not likely that choose_temp_base() could ever be removed from
> libiberty since this library is shared by lots of projects, but at least
> as a first step it would be a good idea I suppose if all consumers of it
> in binutils were removed.  At the moment that seems to be just
> dlltool.c, dllwrap.c, and resrc.c, which is not surprising as these tend
> to suffer from a lot of bitrot anyway.  But that's not going to do
> anything to remove the warning, as you will always get that when
> building libiberty on a glibc host even if you removed all
> choose_temp_base callers.
>
> As far as I know there is no way to disable the warning in glibc, and
> the glibc developers are not interested in hearing any complaints about
> it.  The fact that you don't get the warning on other platforms doesn't
> mean mktemp() isn't inherently broken/insecure there too, it just means
> that glibc is particularly militant about spreading their ideas on these
> matters.


Would the best course of action be to remove calls to choose_temp_base
from those aforementioned files, and to further change the way
choose_temp_base works to call mkstemp instead of mktemp?  Or would
that break other things?

I'm obviously a fledgling in this regard -- just trying to learn, so I
appreciate your patience and your verbosity.  The indepth answers that
you, and everyone on this list, provides is immensely helpful.



More information about the Binutils mailing list