From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,9960fa51a4a478af X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-02-12 13:15:01 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!dispose.news.demon.net!demon!diablo.netcom.net.uk!netcom.net.uk!colt.net!newsfeed00.sul.t-online.de!t-online.de!newsfeed.r-kom.de!newsfeed.stueberl.de!newsfeed.vmunix.org!newsfeed2.easynews.net!easynews.net!news.cid.net!news.enyo.de!not-for-mail From: Florian Weimer Newsgroups: comp.lang.ada Subject: Re: ACT announces availability of GNAT 3.14p Date: Tue, 12 Feb 2002 22:10:11 +0100 Organization: Enyo -- not your organization Message-ID: <87sn862yq4.fsf@deneb.enyo.de> References: <5ee5b646.0201301849.4e951bcb@posting.google.com> <87sn874ymw.fsf@deneb.enyo.de> <88fiD5sVuJOa@eisner.encompasserve.org> <5ee5b646.0202111818.73a4106@posting.google.com> NNTP-Posting-Host: deneb.enyo.de Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: cygnus.enyo.de 1013548215 5761 212.9.189.171 (12 Feb 2002 21:10:15 GMT) X-Complaints-To: abuse@enyo.de NNTP-Posting-Date: 12 Feb 2002 21:10:15 GMT Cancel-Lock: sha1:giT70VB7Rj47VgU4+4IfoCDuHoY= Xref: archiver1.google.com comp.lang.ada:19952 Date: 2002-02-12T21:10:15+00:00 List-Id: dewar@gnat.com (Robert Dewar) writes: > I would certainly agree with that. But I remind again, that > if you are writing high security Ada programs, e.g. those > running as setuid, you are well advised to stay away from > anonymous temporary files whose location is not specified > by the standard in any case. Funny to see that Robert is spreading misinformation on CLA. ;-) The problem in GNAT 3.14p and earlier does not only affect setuid applications, it affects any application which creates temporary files. Arguing from the Ada standard is of no help here because the Ada standard does not provide an interface to create temporary files safely, without race conditions. Furthermore, in GNAT 3.14p, the location *is* hardwired to /tmp for setuid programs, at least if the underlying libc is reasonable (which can be checked by examining the source code).