Bug 68350 - recent gcc/ld doesn't like our use of tmpnam()
Summary: recent gcc/ld doesn't like our use of tmpnam()
Status: RESOLVED FIXED
Alias: None
Product: Telepathy
Classification: Unclassified
Component: tp-glib (show other bugs)
Version: git master
Hardware: Other All
: medium minor
Assignee: Simon McVittie
QA Contact: Telepathy bugs list
URL: http://cgit.freedesktop.org/~smcv/tel...
Whiteboard: review?
Keywords: patch
Depends on:
Blocks:
 
Reported: 2013-08-20 19:59 UTC by Simon McVittie
Modified: 2013-09-06 15:10 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
_tp_create_temp_unix_socket: avoid using tmpnam() (4.93 KB, patch)
2013-08-21 17:35 UTC, Simon McVittie 		Details | Splinter Review
Regression tests: also avoid tmpnam() here (4.72 KB, patch)
2013-08-21 17:35 UTC, Simon McVittie 		Details | Splinter Review
View All

Description Simon McVittie 2013-08-20 19:59:17 UTC 
With our "development-mode" settings, recent gcc/ld issues a fatal warning about tmpnam(), because it's usually used in an unsafe way.
    
Our usage was in fact safe (trying to listen on a socket always behaves like O_EXCL|O_CREAT, which can DoS'd but is not subject to symlink attacks), but we're swimming against the current by trying to use tmpnam(). I have a patch that replaces this by creating a secure private temporary directory with g_dir_make_tmp(), and putting our socket in there; unfortunately, tests fail, so I still need to debug it.
Comment 1 Simon McVittie 2013-08-20 20:01:09 UTC 
Workaround (which I think is what we should do for 0.20.x): compile with "LDFLAGS=-Wl,--no-fatal-warnings".
Comment 2 Simon McVittie 2013-08-21 13:19:51 UTC 
(In reply to comment #0)
> With our "development-mode" settings, recent gcc/ld issues a fatal warning
> about tmpnam(), because it's usually used in an unsafe way.

My mistake, this was local configuration: we don't normally configure ld for fatal warnings.

(I think we should still get rid of tmpnam() on the development branch, though.)
Comment 3 Simon McVittie 2013-08-21 17:35:22 UTC 
Created attachment 84404 [details] [review]
_tp_create_temp_unix_socket: avoid using tmpnam()

n current Debian unstable, gcc/ld issues a warning about tmpnam(),
because it's usually used in an unsafe way. "gcc -Wl,--fatal-warnings"
(which I'm using in my development environment) upgrades that to fatal.

Our usage was in fact safe (trying to listen on a socket always
behaves like O_EXCL|O_CREAT, which can DoS'd but is not subject to
symlink attacks), but we're swimming against the current by trying
to use tmpnam(). Instead, create a secure private temporary directory
with g_dir_make_tmp(), and put our socket in there.
Comment 4 Simon McVittie 2013-08-21 17:35:37 UTC 
Created attachment 84405 [details] [review]
Regression tests: also avoid tmpnam() here

This is a bit simpler than in production code, because we can just
abort on errors that "should never happen".
Comment 5 Guillaume Desmottes 2013-09-06 13:03:18 UTC 
Comment on attachment 84404 [details] [review]
_tp_create_temp_unix_socket: avoid using tmpnam()

Review of attachment 84404 [details] [review]:
-----------------------------------------------------------------

++
Comment 6 Guillaume Desmottes 2013-09-06 13:04:21 UTC 
Comment on attachment 84405 [details] [review]
Regression tests: also avoid tmpnam() here

Review of attachment 84405 [details] [review]:
-----------------------------------------------------------------

++
Comment 7 Simon McVittie 2013-09-06 15:10:04 UTC 
Fixed in git for 0.21.2, thanks

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.