This is the mail archive of the
newlib@sourceware.org
mailing list for the newlib project.
Re: tmpfile security hole
- From: Eric Blake <ebb9 at byu dot net>
- To: Charles Wilson <libtool at cwilson dot fastmail dot fm>
- Cc: newlib at sourceware dot org
- Date: Thu, 17 May 2007 06:12:41 -0600
- Subject: Re: tmpfile security hole
- References: <464BDCCF.7070608@cwilson.fastmail.fm>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Charles Wilson on 5/16/2007 10:40 PM:
> So, I'm trying to knock together this libtool patch for Steve, and I
> update newlib to latest.
>
> Boom, on i686-pc-linux-gnu:
>
> ../../../../../src/newlib/libc/stdio/tmpfile.c: In function '_tmpfile_r':
> ../../../../../src/newlib/libc/stdio/tmpfile.c:73: error: 'S_IRUSR'
> undeclared (first use in this function)
Indeed. fopen merely called open with a raw octal number, instead of
going through the S_* constants; this violates the current revision of
POSIX, where the S_* are permitted to have non-traditional values.
However, there is a move towards mandating S_IRUSR and friends have the
traditional values for the next revision of POSIX, because of the large
existing code base that fails to use S_*.
At any rate, I'm checking in your patch as obvious.
>
> 2007-05-17 Charles Wilson <...>
>
> * stdio/tmpfile.c: include <sys/stat.h>
> * stdio64/tmpfile64.c: ditto
>
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTEa384KuGfSFAYARAg6cAJ43DaHvWtWPbvj97aPebDNnQmRVcQCdH718
LVeFbTohP93QatlXNIPYG6Q=
=Dd2h
-----END PGP SIGNATURE-----