tmpnam deprecated warning linux
|
|
Bugzilla Link |
9 |
Created on |
Mar 25, 2003 21:09 |
Resolution |
FIXED |
Resolved on |
Apr 11, 2003 11:59 |
Version |
1.00beta |
OS |
Linux |
Architecture |
PC |
Extended Description
On linus systems using newer versions of glibc, a warning is emitted, that
tmpnam should be avoided for security reasons. The reason is, that some
application could hijack the temporary sac2c directory and thus get sac2c user
privileges and change files.
As sac2c is a compiler and does no security relevant things this is a minor bug.
A solutions would be mkdtemp, which directly creates the directory and by thus
avoids any race-conditions (this solutions is proposed by glibc developers).
mkdtemp is no common unix function and thus not portable.