Update.
2000-09-26 Ulrich Drepper <drepper@redhat.com> * sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to remove possible garbage at the end of the file. * stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r. * stdio-common/tmpnam.c: Warn about insecure tmpnam. * stdio-common/tempnam.c: Warn about insecure tempnam. * misc/mktemp.c: Warn about insecure mktemp.
10
ChangeLog
10
ChangeLog
@ -1,5 +1,15 @@
|
|||||||
|
2000-09-26 Ulrich Drepper <drepper@redhat.com>
|
||||||
|
|
||||||
|
* sysdeps/unix/sysv/linux/gethostid.c (sethostid): Use O_TRUNC to
|
||||||
|
remove possible garbage at the end of the file.
|
||||||
|
|
||||||
2000-09-25 Ulrich Drepper <drepper@redhat.com>
|
2000-09-25 Ulrich Drepper <drepper@redhat.com>
|
||||||
|
|
||||||
|
* stdio-common/tmpnam_r.c: Warn about insecure tmpnam_r.
|
||||||
|
* stdio-common/tmpnam.c: Warn about insecure tmpnam.
|
||||||
|
* stdio-common/tempnam.c: Warn about insecure tempnam.
|
||||||
|
* misc/mktemp.c: Warn about insecure mktemp.
|
||||||
|
|
||||||
* sysdeps/unix/sysv/linux/check_fds.c: New file.
|
* sysdeps/unix/sysv/linux/check_fds.c: New file.
|
||||||
* sysdeps/generic/check_fds.c: Check that file opened is really
|
* sysdeps/generic/check_fds.c: Check that file opened is really
|
||||||
/dev/null.
|
/dev/null.
|
||||||
|
@ -2870,7 +2870,7 @@ file is created another process might have created a file with the same
|
|||||||
name using @code{tmpnam}, leading to a possible security hole. The
|
name using @code{tmpnam}, leading to a possible security hole. The
|
||||||
implementation generates names which can hardly be predicted, but when
|
implementation generates names which can hardly be predicted, but when
|
||||||
opening the file you should use the @code{O_EXCL} flag. Using
|
opening the file you should use the @code{O_EXCL} flag. Using
|
||||||
@code{tmpfile} is a safe way to avoid this problem.
|
@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
|
||||||
@end deftypefun
|
@end deftypefun
|
||||||
|
|
||||||
@comment stdio.h
|
@comment stdio.h
|
||||||
@ -2881,6 +2881,9 @@ that if @var{result} is a null pointer it returns a null pointer.
|
|||||||
|
|
||||||
This guarantees reentrancy because the non-reentrant situation of
|
This guarantees reentrancy because the non-reentrant situation of
|
||||||
@code{tmpnam} cannot happen here.
|
@code{tmpnam} cannot happen here.
|
||||||
|
|
||||||
|
@strong{Warning}: This function has the same security problems as
|
||||||
|
@code{tmpnam}.
|
||||||
@end deftypefun
|
@end deftypefun
|
||||||
|
|
||||||
@comment stdio.h
|
@comment stdio.h
|
||||||
@ -2937,6 +2940,13 @@ The directory @file{/tmp}.
|
|||||||
@end itemize
|
@end itemize
|
||||||
|
|
||||||
This function is defined for SVID compatibility.
|
This function is defined for SVID compatibility.
|
||||||
|
|
||||||
|
@strong{Warning:} Between the time the pathname is constructed and the
|
||||||
|
file is created another process might have created a file with the same
|
||||||
|
name using @code{tempnam}, leading to a possible security hole. The
|
||||||
|
implementation generates names which can hardly be predicted, but when
|
||||||
|
opening the file you should use the @code{O_EXCL} flag. Using
|
||||||
|
@code{tmpfile} or @code{mkstemp} is a safe way to avoid this problem.
|
||||||
@end deftypefun
|
@end deftypefun
|
||||||
@cindex TMPDIR environment variable
|
@cindex TMPDIR environment variable
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
|
/* Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
|
||||||
This file is part of the GNU C Library.
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
@ -32,3 +32,5 @@ mktemp (template)
|
|||||||
|
|
||||||
return template;
|
return template;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
link_warning (mktemp, "the use of `mktemp' is dangerous, better use `mkstemp'")
|
||||||
|
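Review bot: The `link_warning` string added after the end of mktemp names only `mkstemp` as the replacement, while the manual text changed in this same commit lists `tmpfile` or `mkstemp` as the safe alternatives, and nothing beside the macro call says why the function is flagged. A one-line comment above it would record the reason for maintainers, for example `/* The generated name can be taken by another process before the caller creates the file; warn at link time. */`. The same applies to the `link_warning` lines added for tempnam, tmpnam and tmpnam_r in the following sections. Only the tail of mktemp is visible in the hunk, so whether the body already documents the race cannot be told from here.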
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
|
/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
|
||||||
This file is part of the GNU C Library.
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
@ -39,3 +39,6 @@ tempnam (const char *dir, const char *pfx)
|
|||||||
|
|
||||||
return __strdup (buf);
|
return __strdup (buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
link_warning (tempnam,
|
||||||
|
"the use of `tempnam' is dangerous, better use `mkstemp'")
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
|
/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
|
||||||
This file is part of the GNU C Library.
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
@ -45,3 +45,6 @@ tmpnam (char *s)
|
|||||||
|
|
||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
link_warning (tmpnam,
|
||||||
|
"the use of `tmpnam' is dangerous, better use `mkstemp'")
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (C) 1991,1993,1996,1997,1998,1999 Free Software Foundation, Inc.
|
/* Copyright (C) 1991,1993,1996-1999,2000 Free Software Foundation, Inc.
|
||||||
This file is part of the GNU C Library.
|
This file is part of the GNU C Library.
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
@ -33,3 +33,6 @@ tmpnam_r (char *s)
|
|||||||
|
|
||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
link_warning (tmpnam_r,
|
||||||
|
"the use of `tmpnam_r' is dangerous, better use `mkstemp'")
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc.
|
/* Copyright (C) 1995, 1996, 1998, 1999, 2000 Free Software Foundation, Inc.
|
||||||
|
|
||||||
The GNU C Library is free software; you can redistribute it and/or
|
The GNU C Library is free software; you can redistribute it and/or
|
||||||
modify it under the terms of the GNU Library General Public License as
|
modify it under the terms of the GNU Library General Public License as
|
||||||
@ -40,7 +40,7 @@ sethostid (id)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Open file for writing. Everybody is allowed to read this file. */
|
/* Open file for writing. Everybody is allowed to read this file. */
|
||||||
fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY, 0644);
|
fd = __open (HOSTIDFILE, O_CREAT|O_WRONLY|O_TRUNC, 0644);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
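Review bot: With `O_TRUNC` on the `__open` call the previous host id is discarded at open time, so a failed or short write later in sethostid would leave HOSTIDFILE empty or partial instead of unchanged. The write lies outside the hunk; if it does not already do so, it should compare the number of bytes written with `sizeof (id)` and return -1 on a mismatch. The existing comment on the open call could also state the intent, for example `/* O_TRUNC drops stale trailing bytes; the update is not atomic, so the write result must be checked. */`. sethostid begins before the hunk and continues after it.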