This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: Security patch for binutils-2.11.92.0.10 (2nd try)...
- To: "Steven J. Hill" <sjhill at realitydiluted dot com>
- Subject: Re: Security patch for binutils-2.11.92.0.10 (2nd try)...
- From: Nick Clifton <nickc at cambridge dot redhat dot com>
- Date: 09 Nov 2001 16:13:42 +0000
- Cc: binutils at sources dot redhat dot com, sjhill at cotw dot com
- References: <E162D5q-0000ow-00@real.realitydiluted.com>
Hi Steven,
> This is my second attempt at a small security patch to replace
> all 'mktemp' calls (2 of them) with calls to 'mkstemp'. My
> first patch was wrong because I neglected to close the open
> file descriptor that gets returned by 'mkstemp'. This is now
> fixed and should function properly. Thanks.
Except that this does not really improve the security of the tools
that use the make_tempname() function. The reason mkstemp() is better
than mktemp() is that it returns a file descriptor that has been opened
with O_EXCL. By closing the descriptor, and then reopening the file
later on, you lose the security inherent in creating the temporary
name and opening the file at the same time.

Of course since binutils currently uses mktemp() it is already open to
this problem. But just replacing mktemp() with mkstemp() will not
improve anything, and in fact might be harmful, since it will make
the helpful gcc warning message

    bucomm.c:236: the use of `mktemp' is dangerous, better use `mkstemp'

go away. At least with the message present we are reminded that this
code needs reworking.
Cheers
Nick
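
The difference described in the reply above, as an added C example that is not part of the original message or of the binutils sources: the descriptor returned by mkstemp() stays bound to the file it created, while closing it and reopening by name can yield a different file. The function names, the /tmp paths and the rename standing in for a competing local process are assumptions constructed for the demonstration.

```c
/* Added example: names and paths are constructed for illustration. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for another local process acting between
   "create" and "use": a different file is renamed over the temp name. */
static int replace_path(const char *path)
{
    char other[] = "/tmp/demo_other_XXXXXX";
    int fd = mkstemp(other);
    if (fd < 0) return -1;
    close(fd);
    return rename(other, path);
}

/* Returns 1 if the descriptor finally used refers to the file mkstemp()
   created, 0 if it refers to some other file, -1 on error.
   keep_fd = 1: keep using the descriptor mkstemp() returned.
   keep_fd = 0: close it and reopen by name later (the patch's pattern). */
static int fd_is_created_file(int keep_fd)
{
    char name[] = "/tmp/demo_tmp_XXXXXX";
    struct stat made, used;
    int fd = mkstemp(name);                 /* created and opened in one step */
    if (fd < 0 || fstat(fd, &made) != 0) return -1;
    if (!keep_fd) { close(fd); fd = -1; }
    if (replace_path(name) != 0) return -1; /* window between create and use */
    if (!keep_fd) fd = open(name, O_WRONLY); /* by name: no O_EXCL guarantee */
    if (fd < 0 || fstat(fd, &used) != 0) return -1;
    close(fd);
    unlink(name);
    return made.st_dev == used.st_dev && made.st_ino == used.st_ino;
}

int main(void)
{
    printf("kept descriptor: %d\n", fd_is_created_file(1));
    printf("close + reopen:  %d\n", fd_is_created_file(0));
    return 0;
}
```
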