From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,9960fa51a4a478af X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-02-12 13:59:09 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.cwix.com!news.binc.net!kilgallen From: Kilgallen@SpamCop.net (Larry Kilgallen) Newsgroups: comp.lang.ada Subject: Re: ACT announces availability of GNAT 3.14p Date: 12 Feb 2002 15:59:07 -0600 Organization: LJK Software Message-ID: References: <5ee5b646.0201301849.4e951bcb@posting.google.com> <87sn862yq4.fsf@deneb.enyo.de> NNTP-Posting-Host: eisner.encompasserve.org X-Trace: grandcanyon.binc.net 1013551149 13241 192.135.80.34 (12 Feb 2002 21:59:09 GMT) X-Complaints-To: abuse@binc.net NNTP-Posting-Date: Tue, 12 Feb 2002 21:59:09 +0000 (UTC) Xref: archiver1.google.com comp.lang.ada:19956 Date: 2002-02-12T15:59:07-06:00 List-Id: In article <87sn862yq4.fsf@deneb.enyo.de>, Florian Weimer writes: > dewar@gnat.com (Robert Dewar) writes: > >> I would certainly agree with that. But I remind again, that >> if you are writing high security Ada programs, e.g. those >> running as setuid, you are well advised to stay away from >> anonymous temporary files whose location is not specified >> by the standard in any case. > The problem in GNAT 3.14p and earlier does not only affect setuid He said "e.g." not "i.e.". Certainly you do not disagree that security is important for a program running with setuid, do you ? > applications, it affects any application which creates temporary > files. And the answer seems to be that in _some_ operating systems which GNAT can target, use of the C runtime library can provide a call that gives better security. If GNAT were to simply use that call when it is possible, that might lead to assumptions that the security of GNAT was good on _all_ operating systems which GNAT can target.