From: Ulrich Drepper Date: Tue, 26 Sep 2000 07:18:57 +0000 (+0000) Subject: Update. X-Git-Tag: cvs/libc-2_1_95~82 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e5448d7ad2c39a6784894e8e840514b0d88333bc;p=platform%2Fupstream%2Fglibc.git Update. 2000-09-26 Ulrich Drepper * sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to remove possible garbage at the end of the file. * stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r. * stdio-common/tmpnam.c: Warn about insecure tmpnam. * stdio-common/tempnam.c: Warn about insecure tempnam. * misc/mktemp.c: Warn about insecure mktemp. --- diff --git a/ChangeLog b/ChangeLog index 1edd91a..574845e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ +2000-09-26 Ulrich Drepper + + * sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to + remove possible garbage at the end of the file. + 2000-09-25 Ulrich Drepper + * stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r. + * stdio-common/tmpnam.c: Warn about insecure tmpnam. + * stdio-common/tempnam.c: Warn about insecure tempnam. + * misc/mktemp.c: Warn about insecure mktemp. + * sysdeps/unix/sysv/linux/check_fds.c: New file. * sysdeps/generic/check_fds.c: Check that file opened is really /dev/null. diff --git a/manual/filesys.texi b/manual/filesys.texi index 942eb7f..c550d72 100644 --- a/manual/filesys.texi +++ b/manual/filesys.texi @@ -2870,7 +2870,7 @@ file is created another process might have created a file with the same name using @code{tmpnam}, leading to a possible security hole. The implementation generates names which can hardly be predicted, but when opening the file you should use the @code{O_EXCL} flag. Using -@code{tmpfile} is a safe way to avoid this problem. +@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem. @end deftypefun @comment stdio.h @@ -2881,6 +2881,9 @@ that if @var{result} is a null pointer it returns a null pointer. This guarantees reentrancy because the non-reentrant situation of @code{tmpnam} cannot happen here. + +@strong{Warning}: This function has the same security problems as +@code{tmpnam}. @end deftypefun @comment stdio.h @@ -2937,6 +2940,13 @@ The directory @file{/tmp}. @end itemize This function is defined for SVID compatibility. + +@strong{Warning:} Between the time the pathname is constructed and the +file is created another process might have created a file with the same +name using @code{tempnam}, leading to a possible security hole. The +implementation generates names which can hardly be predicted, but when +opening the file you should use the @code{O_EXCL} flag. Using +@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem. @end deftypefun @cindex TMPDIR environment variable diff --git a/misc/mktemp.c b/misc/mktemp.c index 4130f9e..4149aad 100644 --- a/misc/mktemp.c +++ b/misc/mktemp.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998, 1999 Free Software Foundation, Inc. +/* Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -32,3 +32,5 @@ mktemp (template) return template; } + +link_warning (mktemp, "the use of `mktemp' is dangerous, better use `mkstemp'") diff --git a/stdio-common/tempnam.c b/stdio-common/tempnam.c index 61af145..9910d9c 100644 --- a/stdio-common/tempnam.c +++ b/stdio-common/tempnam.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc. +/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -39,3 +39,6 @@ tempnam (const char *dir, const char *pfx) return __strdup (buf); } + +link_warning (tempnam, + "the use of `tempnam' is dangerous, better use `mkstemp'") diff --git a/stdio-common/tmpnam.c b/stdio-common/tmpnam.c index f78f0f0..c202760 100644 --- a/stdio-common/tmpnam.c +++ b/stdio-common/tmpnam.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc. +/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -45,3 +45,6 @@ tmpnam (char *s) return s; } + +link_warning (tmpnam, + "the use of `tmpnam' is dangerous, better use `mkstemp'") diff --git a/stdio-common/tmpnam_r.c b/stdio-common/tmpnam_r.c index 409d031..97bd127 100644 --- a/stdio-common/tmpnam_r.c +++ b/stdio-common/tmpnam_r.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc. +/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -33,3 +33,6 @@ tmpnam_r (char *s) return s; } + +link_warning (tmpnam_r, + "the use of `tmpnam_r' is dangerous, better use `mkstemp'") diff --git a/sysdeps/unix/sysv/linux/gethostid.c b/sysdeps/unix/sysv/linux/gethostid.c index f51b3a2..f19d515 100644 --- a/sysdeps/unix/sysv/linux/gethostid.c +++ b/sysdeps/unix/sysv/linux/gethostid.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc. +/* Copyright (C) 1995, 1996, 1998, 1999, 2000 Free Software Foundation, Inc. The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as @@ -40,7 +40,7 @@ sethostid (id) } /* Open file for writing. Everybody is allowed to read this file. */ - fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY, 0644); + fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY|O_TRUNC, 0644); if (fd < 0) return -1;