warnings on compile

Andrew Tridgell tridge at linuxcare.com
Sun Dec 17 22:11:38 GMT 2000


We continue to use mktemp() because the alternatives are worse.

If we switched to using something based on mkstemp() then we would
actually open up a security hole! That is because some platforms open
the file in mkstemp() with permissions of 0666, which allows an
attacker to modify the file contents. That's why recent Linux man
pages recommend NOT using mkstemp() and instead using tmpfile().

So now of course people will ask why we don't use tmpfile(). We don't
because it is fundamentally broken as it uses a FILE* pointer. On some
major platforms FILE* is limited to 8 bit file descriptors which means
tmpfile() would fail when Samba has more than 255 files open. Not
good.

Despite the stupid compiler warnings mktemp() (when used properly) is
the most secure option available. When something better comes along we
can consider using it, but meanwhile just put up with the stupid
compiler warnings.

Cheers, Tridge




More information about the samba-technical mailing list