+2000-09-26 Ulrich Drepper <drepper@redhat.com>
+
+ * sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to
+ remove possible garbage at the end of the file.
+
2000-09-25 Ulrich Drepper <drepper@redhat.com>
+ * stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r.
+ * stdio-common/tmpnam.c: Warn about insecure tmpnam.
+ * stdio-common/tempnam.c: Warn about insecure tempnam.
+ * misc/mktemp.c: Warn about insecure mktemp.
+
* sysdeps/unix/sysv/linux/check_fds.c: New file.
* sysdeps/generic/check_fds.c: Check that file opened is really
/dev/null.
name using @code{tmpnam}, leading to a possible security hole. The
implementation generates names which can hardly be predicted, but when
opening the file you should use the @code{O_EXCL} flag. Using
-@code{tmpfile} is a safe way to avoid this problem.
+@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
@end deftypefun
@comment stdio.h
This guarantees reentrancy because the non-reentrant situation of
@code{tmpnam} cannot happen here.
+
+@strong{Warning}: This function has the same security problems as
+@code{tmpnam}.
@end deftypefun
@comment stdio.h
@end itemize
This function is defined for SVID compatibility.
+
+@strong{Warning:} Between the time the pathname is constructed and the
+file is created another process might have created a file with the same
+name using @code{tempnam}, leading to a possible security hole. The
+implementation generates names which can hardly be predicted, but when
+opening the file you should use the @code{O_EXCL} flag. Using
+@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
@end deftypefun
@cindex TMPDIR environment variable
-/* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
return template;
}
+
+link_warning (mktemp, "the use of `mktemp' is dangerous, better use `mkstemp'")
-/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
return __strdup (buf);
}
+
+link_warning (tempnam,
+ "the use of `tempnam' is dangerous, better use `mkstemp'")
-/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
return s;
}
+
+link_warning (tmpnam,
+ "the use of `tmpnam' is dangerous, better use `mkstemp'")
-/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
return s;
}
+
+link_warning (tmpnam_r,
+ "the use of `tmpnam_r' is dangerous, better use `mkstemp'")
-/* Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (C) 1995, 1996, 1998, 1999, 2000 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public License as
}
/* Open file for writing. Everybody is allowed to read this file. */
- fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY, 0644);
+ fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY|O_TRUNC, 0644);
if (fd < 0)
return -1;