| Summary: | recent gcc/ld doesn't like our use of tmpnam() | ||
|---|---|---|---|
| Product: | Telepathy | Reporter: | Simon McVittie <smcv> |
| Component: | tp-glib | Assignee: | Simon McVittie <smcv> |
| Status: | RESOLVED FIXED | QA Contact: | Telepathy bugs list <telepathy-bugs> |
| Severity: | minor | ||
| Priority: | medium | CC: | guillaume.desmottes |
| Version: | git master | Keywords: | patch |
| Hardware: | Other | ||
| OS: | All | ||
| URL: | http://cgit.freedesktop.org/~smcv/telepathy-glib/log/?h=no-tmpnam-68350 | ||
| Whiteboard: | review? | ||
| i915 platform: | i915 features: | ||
| Attachments: |
_tp_create_temp_unix_socket: avoid using tmpnam()
Regression tests: also avoid tmpnam() here |
||
Workaround (which I think is what we should do for 0.20.x): compile with "LDFLAGS=-Wl,--no-fatal-warnings". (In reply to comment #0) > With our "development-mode" settings, recent gcc/ld issues a fatal warning > about tmpnam(), because it's usually used in an unsafe way. My mistake, this was local configuration: we don't normally configure ld for fatal warnings. (I think we should still get rid of tmpnam() on the development branch, though.) Created attachment 84404 [details] [review] _tp_create_temp_unix_socket: avoid using tmpnam() n current Debian unstable, gcc/ld issues a warning about tmpnam(), because it's usually used in an unsafe way. "gcc -Wl,--fatal-warnings" (which I'm using in my development environment) upgrades that to fatal. Our usage was in fact safe (trying to listen on a socket always behaves like O_EXCL|O_CREAT, which can DoS'd but is not subject to symlink attacks), but we're swimming against the current by trying to use tmpnam(). Instead, create a secure private temporary directory with g_dir_make_tmp(), and put our socket in there. Created attachment 84405 [details] [review] Regression tests: also avoid tmpnam() here This is a bit simpler than in production code, because we can just abort on errors that "should never happen". Comment on attachment 84404 [details] [review] _tp_create_temp_unix_socket: avoid using tmpnam() Review of attachment 84404 [details] [review]: ----------------------------------------------------------------- ++ Comment on attachment 84405 [details] [review] Regression tests: also avoid tmpnam() here Review of attachment 84405 [details] [review]: ----------------------------------------------------------------- ++ Fixed in git for 0.21.2, thanks |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
With our "development-mode" settings, recent gcc/ld issues a fatal warning about tmpnam(), because it's usually used in an unsafe way. Our usage was in fact safe (trying to listen on a socket always behaves like O_EXCL|O_CREAT, which can DoS'd but is not subject to symlink attacks), but we're swimming against the current by trying to use tmpnam(). I have a patch that replaces this by creating a secure private temporary directory with g_dir_make_tmp(), and putting our socket in there; unfortunately, tests fail, so I still need to debug it.