comp.lang.ada
From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: ACT announces availability of GNAT 3.14p
Date: Mon, 11 Feb 2002 16:09:47 +0100
Date: 2002-02-11T15:09:53+00:00
Message-ID: <87k7tkkqbo.fsf@deneb.enyo.de>
In-Reply-To: 5ee5b646.0202110436.6b5825e0@posting.google.com

dewar@gnat.com (Robert Dewar) writes:

> You misunderstand what I am saying. When the user asks for
> a temporary file *explicitly* (nothing silent about that),
> then the temporary file goes in TMP, which seems the right
> semantics for a Unix environment to us. If you are concerned about the
> security issue, e.g. if you are writing a setuid program in Ada, then
> most certainly I would advise against explicit use of temporary files
> in the Ada sense.

You are mixing two things here.  (Maybe I have been mixing these two
things, too, but I don't think so!)  The problem in GNAT 3.14p and
earlier affects *all* programs running on a multi-user system which
create temporary files.  As a result, you cannot use the Ada temporary
file facility at all, at least if you care about security.

My concerns regarding set-user-ID programs apply to the FSF CVS
version of GNAT only, where you can choose the path where temporary
files go.  (I hope there's consensus that the buffer overflow bug has
to be fixed, so this is not worth a discussion.)

> You seem to be arguing for not using /TMP for temporary
> files ever, 

No, not really.

> but that seems the wrong choice to us in a
> Unix environment.

Exactly.  /tmp is *the* place for temporary files.

I just want the Ada run-time to open the temporary file with the
O_EXCL flag for the first time (and retry if it already exists).
O_EXCL ensures that the test for existence and the creation of the
file are performed in a single atomic operation, eliminating the
current race condition.  (The FSF version of GNAT uses mkstemp(),
which invokes open() with the O_EXCL flag behind the scenes, multiple
times if necessary.)
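
The open-with-O_EXCL-and-retry behaviour requested above, as an added C example that is not part of the original message and is not GNAT's run-time code. The helper names, the `ada-tmp-N` file names and the planted-symlink scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not GNAT's code: create a new file in dir and return
 * its descriptor (-1 on error); the name used is left in path. Candidate
 * names are numbered from first only to keep the demo deterministic;
 * mkstemp() picks random names and runs the same kind of loop. */
int create_temp_excl(const char *dir, unsigned first, char *path, size_t len)
{
    for (unsigned n = first; n < first + 100; n++) {
        snprintf(path, len, "%s/ada-tmp-%u", dir, n);
        /* O_CREAT|O_EXCL: existence test and creation are one atomic step.
         * An existing name, symlinks included, gives EEXIST, not an open. */
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;          /* real error: do not keep retrying */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: a symlink already sits at the first candidate name.
 * Returns 1 if the helper skipped it and the link target was never
 * created. */
int demo_planted_symlink_is_skipped(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", lnk[64], victim[64], path[64];
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(lnk, sizeof lnk, "%s/ada-tmp-0", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lnk) != 0)
        return 0;
    int fd = create_temp_excl(dir, 0, path, sizeof path);
    int ok = fd >= 0 && access(victim, F_OK) != 0;   /* target untouched */
    if (fd >= 0) { close(fd); unlink(path); }
    unlink(lnk);
    rmdir(dir);
    return ok;
}

int main(void) { return demo_planted_symlink_is_skipped() ? 0 : 1; }
```

Without O_EXCL, the same open() call would follow the dangling symlink and create the file it points to.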


