Hylafax Developers Mailing List Archives

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

[hylafax-devel] Re: Supported Platforms/Security mods?



At 11:04 AM 6/13/00 -0700, Andy Sparrow wrote:
>On Thu, Jun 08, 2000 at 05:35:48PM +1000, Robert Colquhoun wrote:
> > snprintf and strncpy are ok.  The only thing to think about is that 
> hylafax
> > is written in C++ and it might be better to use the included fxStr 
> class or
> > perhaps the ansi string class than a straight char buffer.
>
>Yes, that would seem a better long-term solution. However, I'm /way/
>more comfortable with K&R C than ANSI - and I never got around to
>C++ at all...
>
>Therefore, I really only spent time on ensuring that printing/copying
>into char buffers is restricted to the bounds of that buffer (via
>'snprintf()', 'vsnprint()' and 'strlcpy()') ;-)

Even if you just find and list the problems for someone else to fix would 
be helpful.


> > mkstemp() is a problem though, on HPUX at least it is limited to 26 files
> > open at once.
>
>Hmm. Maybe it'd be better not to touch this then. Or make any change
>FreeBSD-specific (e.g. in the FreeBSD port's 'patches' directory).
>
>I presume that there's no way to tweak 'configure' into using a
>portability function (e.g. from "port") in preference to one provided
>by the system?
>
>Better look at that, I guess..

I did some work on this awhile back, i just did a quick grep on the source 
code, there is:
         1 use of tmpfile()
         11 uses of mkstemp()
         2 uses of mktemp()
         0 uses of tempnam()
         0 uses of tmpnam()

... i remember trying to get rid of the mktemp() calls but because of the 
way it was written(...insert diatribe about original author...) i could not 
do it without rewriting the whole thing.


> > tmpfile() is the preferred call - but this can sometimes be
> > annoying if you only want a file handle rather than a FILE*......this
> > stopped me from converting to all tmpfile() calls previously...i think i
> > got rid of most of the mktemp() stuff a year or so ago though.
>
>On some platforms at least, 'tmpfile' and friends are much less
>secure than 'mkstemp', judging by this excerpt from the BSD 'tmpfile'
>man page:

None of the temporary file routines are very good - for instance on linux 
upto glibc 2.07 mkstemp created all its temporary files world writeable.

On a modern system though i should think mkstemp() and tmpfile() would be 
about even though, tmpfile() has the plus it is a posix standard but the 
big disadvantage it creates FILE*.  mkstemp() has the advantage it creates 
an int filehandle but the disadvantage that it is poorly implemented or 
depreciated outside the BSD world.


>         BUGS
>
>                 These interfaces are provided for System V and ANSI
>                 compatibility only.  The mkstemp(3) interface is
>                 strongly preferred.

..and tmpfile() is posix


>                 This implementation does not have these flaws, but
>                 portable software cannot depend on that.  In
>                 particular, the tmpfile() interface should not be
>                 used in software expected to be used on other
>                 systems if there is any possibility that the user
>                 does not wish the temporary file to be publicly
>                 readable and writable.

...unfortunately the same is true of mkstemp() on other platforms.

Basically the policy i was following till now was:
         - mkstemp() and tmpfile() are both ok.
         - tempnam(), tmpnam() and mktemp() should *not* be used.

Perhaps what is need is a wrapper function to create temporary files which 
chooses the best implementation mkstemp() or tmpfile() depending on the 
platform.

- Robert




____________________ HylaFAX(tm) Developers Mailing List ____________________
 To unsub: mail -s unsubscribe hylafax-devel-request@hylafax.org < /dev/null



Home
Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services