From: Florian Weimer
Newsgroups: comp.lang.ada
Subject: Re: ACT announces availability of GNAT 3.14p
Date: Mon, 11 Feb 2002 16:09:47 +0100
Organization: Enyo -- not your organization
Message-ID: <87k7tkkqbo.fsf@deneb.enyo.de>

dewar@gnat.com (Robert Dewar) writes:

> You misunderstand what I am saying. When the user asks for
> a temporary file *explicitly* (nothing silent about that),
> then the temporary file goes in TMP, which seems the right
> semantics for a Unix environment to us. If you are concerned about the
> security issue, e.g. if you are writing a setuid program in Ada, then
> most certainly I would advise against explicit use of temporary files
> in the Ada sense.

You are mixing two things here. (Maybe I have been mixing these two
things, too, but I don't think so!)

The problem in GNAT 3.14p and earlier affects *all* programs running
on a multi-user system which create temporary files. As a result, you
cannot use the Ada temporary file facility at all, at least if you
care about security.

My concerns regarding set-user-ID programs apply to the FSF CVS
version of GNAT only, where you can choose the path where temporary
files go. (I hope there's consensus that the buffer overflow bug has
to be fixed, so this is not worth a discussion.)

> You seem to be arguing for not using /TMP for temporary
> files ever,

No, not really.

> but that seems the wrong choice to us in a
> Unix environment.

Exactly. /tmp is *the* place for temporary files. I just want the
Ada run-time to open the temporary file with the O_EXCL flag for the
first time (and retry if it already exists). O_EXCL ensures that
the test for existence and the creation of the file are performed in a
single atomic operation, eliminating the current race condition.

(The FSF version of GNAT uses mkstemp(), which invokes open() with the
O_EXCL flag behind the scenes, multiple times if necessary.)
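
The create-with-O_EXCL-and-retry behaviour asked for in the message above, as an added example that is not part of the original post and is neither GNAT's run-time code nor the mkstemp() implementation. The function names, the `tmp-<pid>-<n>` naming scheme and the `/tmp/excl-demo-<pid>` directory are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_TRIES 100

/* Create a new file in dir; on EEXIST move on to the next candidate name.
 * Returns an open descriptor and stores the name in path, or -1 on error.
 * Names are pid + counter so the retry is easy to follow (an assumption of
 * this example; mkstemp() draws random names instead). */
int create_temp_excl(const char *dir, char *path, size_t len)
{
    for (int attempt = 0; attempt < MAX_TRIES; attempt++) {
        int n = snprintf(path, len, "%s/tmp-%ld-%d", dir, (long)getpid(), attempt);
        if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
        /* O_CREAT|O_EXCL: the existence test and the creation are one atomic
         * step. An existing file (or symlink) at this name gives EEXIST. */
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;      /* real error: do not retry */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: the first candidate name already exists when the
 * program asks for a temporary file. Returns 1 if that file is left alone
 * and a different, newly created file is handed back. */
int demo_existing_name_is_skipped(void)
{
    char dir[64], taken[160], got[160];
    snprintf(dir, sizeof dir, "/tmp/excl-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return 0;
    snprintf(taken, sizeof taken, "%s/tmp-%ld-0", dir, (long)getpid());
    int pre = open(taken, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (pre < 0 || write(pre, "keep", 4) != 4) return 0;
    close(pre);
    int fd = create_temp_excl(dir, got, sizeof got);
    struct stat st;
    int ok = fd >= 0 && strcmp(got, taken) != 0        /* retried under a new name */
          && stat(taken, &st) == 0 && st.st_size == 4; /* old file not truncated */
    if (fd >= 0) { close(fd); unlink(got); }
    unlink(taken);
    rmdir(dir);
    return ok;
}
int main(void) { return demo_existing_name_is_skipped() ? 0 : 1; }
```

Without O_EXCL the same open() call would succeed on the existing name and the program would write into a file it did not create.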