From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,9960fa51a4a478af
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-02-11 04:36:35 PST
Path: archiver1.google.com!postnews1.google.com!not-for-mail
From: dewar@gnat.com (Robert Dewar)
Newsgroups: comp.lang.ada
Subject: Re: ACT announces availability of GNAT 3.14p
Date: 11 Feb 2002 04:36:33 -0800
Organization: http://groups.google.com/
Message-ID: <5ee5b646.0202110436.6b5825e0@posting.google.com>
References: <5ee5b646.0201301849.4e951bcb@posting.google.com>
	<5ee5b646.0202071709.11b3f88c@posting.google.com>
	<87ofixit6v.fsf@deneb.enyo.de>
	<5ee5b646.0202101038.68b3b71f@posting.google.com>
	<87n0yhf8e1.fsf@deneb.enyo.de>
	<5ee5b646.0202101355.2c8d7ebb@posting.google.com>
	<87g049f0wb.fsf@deneb.enyo.de>
NNTP-Posting-Host: 205.232.38.244
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1013430995 480 127.0.0.1 (11 Feb 2002 12:36:35 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 11 Feb 2002 12:36:35 GMT
Xref: archiver1.google.com comp.lang.ada:19856
Date: 2002-02-11T12:36:35+00:00
List-Id:

Florian Weimer wrote in message news:<87g049f0wb.fsf@deneb.enyo.de>...
> dewar@gnat.com (Robert Dewar) writes:
>
> > That's the point here. I agree that if all, or even
> > some, generated Ada programs used /TMP silently, there
> > would be a problem, but this is not the case, and has
> > never been the case.
>
> Really? The GNAT implementation of RM A.8.2(4) seems to
> this.

You misunderstand what I am saying. When the user asks for a temporary file *explicitly* (nothing silent about that), then the temporary file goes in TMP, which seems the right semantics for a Unix environment to us.

If you are concerned about the security issue, e.g. if you are writing a setuid program in Ada, then most certainly I would advise against explicit use of temporary files in the Ada sense. The Ada semantics for temporary files is "give me a temporary file, you choose where, using standard system conventions". I would say that is not suitable at all for high security programs, where you want to know EXACTLY what files you are creating and EXACTLY what their names are.

So once again, GNAT programs use the standard Unix convention for temporary files (put them in /TMP) only if you explicitly ask for a temporary file. This is never done silently, but only on request in the manner documented.

That's why this talk of security problems seems a bit overdone. Yes, there are many ways to deliberately shoot yourself in the foot, we advise against such actions :-)

You seem to be arguing for not using /TMP for temporary files ever, but that seems the wrong choice to us in a Unix environment. Really you are arguing for removing this feature from Unix entirely. OK, but that's an argument to be carried on elsewhere, the policy of GNAT is to blend harmoniously into the host operating system. If you manage to convince Unix to remove the "dangerous" use of /TMP, then GNAT will be happy to conform :-)
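
The following is an added example, not part of the original post and not GNAT or Ada runtime code. It shows in C, at the Unix system-call level, what "know EXACTLY what files you are creating and EXACTLY what their names are" can look like for a privileged program. The helper name `create_exact_file`, the file name `state.dat` and the `/tmp/exact-demo-XXXXXX` template are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): create `name` inside `dir`
 * and nowhere else. Returns an open descriptor, or -1 with errno set. */
int create_exact_file(const char *dir, const char *name)
{
    struct stat st;
    if (strchr(name, '/')) { errno = EINVAL; return -1; }  /* stay in dir */
    /* Open the directory itself; refuse a symlink in its place. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0)
        return -1;
    /* Check the opened directory, not the path: it must be ours and not
     * writable by group or others, unlike a shared /tmp. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;
        return -1;
    }
    /* O_EXCL: fail if the name exists in any form, symlink included. */
    int fd = openat(dfd, name, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    int saved = errno;
    close(dfd);
    errno = saved;
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/exact-demo-XXXXXX";  /* constructed sample path */
    char path[64];
    if (mkdtemp(dir) == NULL)               /* private directory, mode 0700 */
        return 1;
    int first = create_exact_file(dir, "state.dat");
    int second = create_exact_file(dir, "state.dat");  /* refused: EEXIST */
    printf("first fd=%d, second fd=%d\n", first, second);
    if (first >= 0) close(first);
    snprintf(path, sizeof path, "%s/state.dat", dir);
    unlink(path);
    rmdir(dir);
    return 0;
}
```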