Menu

#5 signalposreq(): use mkstemp

gpsdrive-svn
closed-fixed
nobody
None
6
2008-12-16
2008-09-20
Hamish B
No

src/splash.c's signalposreq() should use mkstemp() to safely create the temp file.

Hamish

Discussion

  • Andreas Putzo

    Andreas Putzo - 2008-12-15

    Hi,

    this functions dumps the current position into a tempfile if the user sends SIGUSR1 to the gpsdrive
    process. I think the intention was to use it together with scripts like gpssmswatch (sending the current position to a mobile phone).
    Using mkgstemp() makes it more difficult to tell scripts which file actually containts the output.
    I wonder if it is better to remove this functionality from gpsdrive. If i'm not wrong, gpsdrive itself
    communicates with gpsd nowadays. Scripts that need to now the current position could use gpsd itself
    to get the current position and don't have to rely on gpsdrive.

    Cheers, Andreas

     
  • Hamish B

    Hamish B - 2008-12-16

    re debian bug 508595,
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508595

    $ grep /tmp/ *
    geo-code:TMP=/tmp/geo$$
    geo-code: cp $COORDS /tmp/geo.google
    geo-code: filter="tee /tmp/geo.yahoo"
    geo-code: cp $COORDS /tmp/geo.coords
    geo-nearest: TMP=/tmp/geo
    geo-nearest: TMP=/tmp/geo$$
    geo-nearest: cp $GEOWAY /tmp/geocaching.loc
    gpssmswatch:FILE=/tmp/.smswatch
    gpssmswatch:NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'`
    gpssmswatch:cat /tmp/gpsdrivepos
    gpssmswatch:gnokii --sendsms $NUMBER < /tmp/gpsdrivepos

    these three are all shell/bash scripts.

    possible fix:

    TMP=`tempfile -p geo.`
    if [ $? -ne 0 ] || [ -z "$TMP" ] ; then
    echo "ERROR: Unable to create temporary files" 1>&2
    exit 1
    fi

    Hamish

     
  • D.S.E

    D.S.E - 2008-12-16

    I agree to Andreas, let's remove it.

     
  • D.S.E

    D.S.E - 2008-12-16

    obsolete function removed.

     
  • D.S.E

    D.S.E - 2008-12-16
    • status: open --> closed-fixed
     
  • Nobody/Anonymous

    Upstream fixes for get-code and geo-nearest are problematic from the portability point of view, as well as are not addressing the security flaw completely:

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508595#20

     
  • Nobody/Anonymous

    dn1nxo Aloha! and <a href="http://brand-amoxil-fda.socialgo.com">purchase brand amoxil</a> and http://brand-amoxil-fda.socialgo.com purchase brand amoxil and gckxfv and

     
  • Hamish B

    Hamish B - 2010-03-17

    > Upstream fixes for get-code and geo-nearest are problematic from the
    > portability point of view, as well as are not addressing the security flaw
    > completely:

    incorrect. the upstream fix was to delete the unused and problematic script. that's about as portable as you can get.

    * no way to report spam in a ticket?

    Hamish

     
  • Nobody/Anonymous

    bla test...

     

Log in to post a comment.