#3638: Compilation errors for 1.6
-----------------------+----------------------
Reporter: grarpamp | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone: 1.6
Component: mutt | Version: 1.5.21
Resolution: | Keywords:
-----------------------+----------------------
Comment (by grarpamp):
mk[sd]temp() exist as handy temp creators that avoid foot shooting.
But if you care about the resultant filename, you can make your
own. That's mentioned in the open(.. O_CREAT|O_EXCL ..) in the spec
below.
# mkstemp() - secure family
http://pubs.opengroup.org/onlinepubs/9699919799/functions/mkstemp.html
# mktemp() - insecure, removed from spec
http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap03.html
# some man pages
http://www.openbsd.org/cgi-bin/man.cgi?query=mkstemp
http://www.freebsd.org/cgi/man.cgi?query=mkstemp
http://netbsd.gw.com/cgi-bin/man-cgi?mkstemp++NetBSD-current
http://linux.die.net/man/3/mkstemp
"mkstemps" is not a standard, though google shows many OS have it.
link() would be ok but it's redundant given you can just open().
rename() can't be used because it will unlink the destination first,
that's bad because of whatever else the user or someone else might
be doing there.
Pre-NFSv3 I don't know other than it's ancient, and if you can't
O_EXCL then whatever you do there is a wash.
Looked briefly at the code, seems there are lots of redundant code
blocks where a file is needed. Similar to...
    mutt_mktemp( hint ) or mutt_adv_mktemp( hint )
    fp = safe_fopen( safe_open( name ) ) { mutt_perror }
    do_something_with( fp )
I may have seen some instances where safe_open was not used,
perhaps with calls to mutt_adv_mktemp and [f]open, not sure.
It was hard to look for due to the separation of name generation
and file opening everywhere.
I didn't look at this one at all: mh_mkstemp()
Anyways, the compiler warns on the deprecated mktemp(). It's the
O_EXCL that protects you, not the stats. So if mkstemps() isn't
present across your target systems, and mkstemp() won't do...
maybe the quick fix is to replace mktemp( s ) with your own random
string+suffix generator, that'll silence the compiler. I'd think
the longer fix is to replace all the 'separate namehint from opens'
with a single function...
    fp = generate_and_open_together(hint mode access O_EXCL random etc)
    do_something_with( fp )
> if your system has mkstemps(), you're probably better off using
> mktemp() the way Mutt uses it instead. You just have to make
> sure that the file does not already exist when you go to create it
'When you go to create it' implies beforehand, which is wrong.
Only the O_EXCL can save you from the race.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3638#comment:8>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
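
An added example, not part of the original comment and not Mutt code: one way to write the single "generate and open together" function the comment suggests, where open(.. O_CREAT|O_EXCL ..) is the only existence check and a name collision just triggers a retry. The name open_temp_excl, its parameters, the retry limit and the use of /dev/urandom are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: builds "<dir>/<prefix><12 random chars><suffix>" in
 * `path` and creates it atomically. Returns an open fd, or -1 with errno set. */
int open_temp_excl(char *path, size_t len, const char *dir,
                   const char *prefix, const char *suffix)
{
    static const char alnum[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    unsigned char rnd[12];
    char name[sizeof rnd + 1];

    for (int tries = 0; tries < 100; tries++) {
        /* Random name part; this replaces mktemp() but gives no safety by itself. */
        int ur = open("/dev/urandom", O_RDONLY);
        if (ur < 0) return -1;
        ssize_t n = read(ur, rnd, sizeof rnd);
        close(ur);
        if (n != (ssize_t)sizeof rnd) return -1;
        for (size_t i = 0; i < sizeof rnd; i++)
            name[i] = alnum[rnd[i] % (sizeof alnum - 1)];
        name[sizeof rnd] = '\0';

        int w = snprintf(path, len, "%s/%s%s%s", dir, prefix, name, suffix);
        if (w < 0 || (size_t)w >= len) { errno = ENAMETOOLONG; return -1; }

        /* No stat() beforehand: O_CREAT|O_EXCL fails with EEXIST if anything,
         * including a symlink, already sits at path. That closes the race. */
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;   /* real error; EEXIST means retry */
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char path[256];
    int fd = open_temp_excl(path, sizeof path, "/tmp", "example-", ".txt");
    if (fd < 0) { perror("open_temp_excl"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```

The caller gets a descriptor, not just a name, so nothing can be swapped in between name generation and open; fdopen() on the result gives the FILE * the pseudocode above works with.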