From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,9960fa51a4a478af X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2002-02-11 08:30:01 PST Path: archiver1.google.com!news1.google.com!sn-xit-02!sn-xit-01!supernews.com!iad-peer.news.verio.net!news.verio.net!newsfeed.cwix.com!news.binc.net!kilgallen From: Kilgallen@SpamCop.net (Larry Kilgallen) Newsgroups: comp.lang.ada Subject: Re: ACT announces availability of GNAT 3.14p Date: 11 Feb 2002 10:19:46 -0600 Organization: LJK Software Message-ID: References: <5ee5b646.0201301849.4e951bcb@posting.google.com> <87k7tkkqbo.fsf@deneb.enyo.de> NNTP-Posting-Host: eisner.encompasserve.org X-Trace: grandcanyon.binc.net 1013444390 15729 192.135.80.34 (11 Feb 2002 16:19:50 GMT) X-Complaints-To: abuse@binc.net NNTP-Posting-Date: Mon, 11 Feb 2002 16:19:50 +0000 (UTC) Xref: archiver1.google.com comp.lang.ada:19868 Date: 2002-02-11T10:19:46-06:00 List-Id: In article <87k7tkkqbo.fsf@deneb.enyo.de>, Florian Weimer writes: > dewar@gnat.com (Robert Dewar) writes: > >> You misunderstand what I am saying. When the user asks for >> a temporary file *explicitly* (nothing silent about that), >> then the temporary file goes in TMP, which seems the right >> semantics for a Unix environment to us. If you are concerned about the >> security issue, e.g. if you are writing a setuid program in Ada, then >> most certainly I would advise against explicit use of temporary files >> in the Ada sense. > > You are mixing two things here. (Maybe I have been mixing these two > things, too, but I don't think so!) The problem in GNAT 3.14p and > earlier affects *all* programs running on a multi-user system which > create temporary files. As a result, you cannot use the Ada temporary > file facility at all, at least if you care about security. I believe saying "*all* programs running on a multi-user system which create temporary files" is overly broad. If GNAT is conforming to operating system expectations as Robert Dewar said, then on VMS it might use SYS$SCRATCH as the storage area, and by default that is fully protected from other unprivileged users. If for some reason you want to reduce the security on a VMS system, there are steps you can take to make SYS$SCRATCH not be protected from other unprivileged users. (Actually, VMS has a different mechanism that GNAT might also use that puts the file into no directory.) I would hope that on Unix there is some way to redefine /tmp so as to provide more protection. But attempting to make the default use of /tmp by an Ada program more secure than the default use of /tmp by a shell script will be effective only if you also prevent use of /tmp by shell scripts.