This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: "dangerous" warning question


On 7/14/07, Brian Dessent <brian@dessent.net> wrote:
NightStrike wrote:

> When compiling binutils, I receive this warning:
>
> ../../src/libiberty/choose-temp.c:68: warning: the use of `mktemp' is
> dangerous, better use `mkstemp'
>
> Is this something I can do anything about, such as via a configure
> option?  What exactly does this mean?

This is a warning from glibc.  It's telling you that you're building
code that uses the mktemp function which is considered dangerous by
design due to the race condition inherent between when the filename is
checked for existance and its subsequent open().  libiberty acknowledges
this deficiency:

> @deftypefn Extension char* choose_temp_base (void)
>
> Return a prefix for temporary file names or @code{NULL} if unable to
> find one.  The current directory is chosen if all else fails so the
> program is exited if a temporary directory can't be found (@code{mktemp}
> fails).  The buffer for the result is obtained with @code{xmalloc}.
>
> This function is provided for backwards compatibility only.  Its use is
> not recommended.

It's not likely that choose_temp_base() could ever be removed from
libiberty since this library is shared by lots of projects, but at least
as a first step it would be a good idea I suppose if all consumers of it
in binutils were removed.  At the moment that seems to be just
dlltool.c, dllwrap.c, and resrc.c, which is not surprising as these tend
to suffer from a lot of bitrot anyway.  But that's not going to do
anything to remove the warning, as you will always get that when
building libiberty on a glibc host even if you removed all
choose_temp_base callers.

As far as I know there is no way to disable the warning in glibc, and
the glibc developers are not interested in hearing any complaints about
it.  The fact that you don't get the warning on other platforms doesn't
mean mktemp() isn't inherently broken/insecure there too, it just means
that glibc is particularly militant about spreading their ideas on these
matters.


Would the best course of action be to remove calls to choose_temp_base
from those aforementioned files, and to further change the way
choose_temp_base works to call mkstemp instead of mktemp?  Or would
that break other things?

I'm obviously a fledgling in this regard -- just trying to learn, so I
appreciate your patience and your verbosity.  The indepth answers that
you, and everyone on this list, provides is immensely helpful.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]