From: Andrew R. <and...@us...> - 2009-11-12 20:53:12
|
Hi Alan, Thank's for reminding me about this. To do this right is, as you say, not trivial. I think we need to write a wrapper function which we use in the code, and which in turn will use mkstemp or some windows equivalent. Note that your windows "fix" uses mktemp which is itself not secure. Also, I understand that tmpfile which we use elsewhere in the code can have some issues. Finally, mkstemp does not (as far as I know) add a suitable path on or honour TMP / TEMP / TMPFILE variables, so we'd need to add code to support this. Hmmm. Why, after all these years, has no-one got this right? I see octave does contain a mkstemp function. I am assuming this is safe and I've replaced tmpnam with mkstemp in these cases, although the re-use of the file name is not guaranteed secure if tmp directory cleaners are in use. This is also a problem with the C functions, and means we may have to re-write code to avoid passing tmp file names around. Andrew On Wed, Nov 11, 2009 at 04:01:09PM -0800, Alan Irwin wrote: > Hi Andrew: > > I am mostly addressing this to you because I believe you have worked > on the tmpnam issue in the past for our PLplot code. > > Our oldest (from 2001!) open bug report concerns tmpnam (which is strongly > deprecated if you look at man tmpnam and which generates warnings for some > build configurations [I think it is when building applications against our > static library, but I have forgotten the exact circumstances when this > annoying warning message is issued.]). > > It turns out that tmpnam still exists in a few places in our software, i.e., > > software@raven> find -type f |grep -v svn |xargs grep tmpnam \ > |grep -v ChangeLog > ./drivers/tk.c: iodev->fileName = (char *) tmpnam( NULL ); > ./bindings/tk/plframe.c: sfnam = (char *) tmpnam( NULL ); > ./bindings/tk-x-plat/plplotter.c: sfnam = (char *) tmpnam( NULL ); > ./bindings/octave/PLplot/figure.m: init_file = tmpnam(); > ./bindings/octave/PLplot/save_fig.m: file = tmpnam; > > For the octave case, https://prof.hti.bfh.ch/sha1/Octave/index/f/tmpnam.html > implies the octave version of tmpnam has the same security issue as the C > tmpnam. Accordingly, could you change over the octave code to use the octave > tmpfile or mkstemp functions as appropriate? Those functions are documented > at https://prof.hti.bfh.ch/sha1/Octave/index/f/tmpfile.html and > https://prof.hti.bfh.ch/sha1/Octave/index/f/mkstemp.html. > > For the C code, the temporary file name is used a number of places after it > is created so there is no easy way to switch to tmpfile (which is used > elsewhere in PLplot with success). We could try switching to mkstemp (which > deals with the security issue implied by tmpnam). However, a google search > for > > windows mkstemp > > implies mkstemp is not available on Windows. However, see > http://www.mail-archive.com/pan-devel%40nongnu.org/msg00294.html for what > looks like a straightforward workaround for the windows case. > > At this point, however, I am right at the ragged edge of my C knowledge so I > would appreciate your help and/or advice about moving from tmpnam to mkstemp > for the above three C files. > > Alan > __________________________ > Alan W. Irwin > > Astronomical research affiliation with Department of Physics and Astronomy, > University of Victoria (astrowww.phys.uvic.ca). > > Programming affiliations with the FreeEOS equation-of-state implementation > for stellar interiors (freeeos.sf.net); PLplot scientific plotting software > package (plplot.org); the libLASi project (unifont.org/lasi); the Loads of > Linux Links project (loll.sf.net); and the Linux Brochure Project > (lbproject.sf.net). > __________________________ > > Linux-powered Science > __________________________ > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Plplot-devel mailing list > Plp...@li... > https://lists.sourceforge.net/lists/listinfo/plplot-devel > |