warnings on compile
Jeremy Allison
jeremy at valinux.com
Thu Dec 14 18:03:37 GMT 2000
"Klein, Christopher" wrote:
>
> Hi there, I am trying to install samba on an ftp server running
> freebsd 4.1 I am getting the following warning repeated many times on the
> initial make (I did run the configure step first, and I consulted the
> appropriate readme documents)
> Warning: mktemp() possibly used unsafely; consider using mkstemp
> As the security on microsoft products are suspect at best, I do not
> want to add to the insecurity of the network by adding insecure binaries on
> the unix platform if it can be avoided. Is there some kind of switch or
> other modification that will allow the compile to use mkstemp() and not
> generate this message. any other suggestions
The warning is wrong. mktemp is being used securely in Samba.
Every use of the generated filename uses the O_EXCL flag,
which prevents /tmp races.
mkstemp doesn't do what we need here, as it returns a file
descriptor which is not what we want - we want a filename
that is *potentially* unique. We take care of the security
issue ourselves.
Regards,
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list