GNU bug report logs -
#29001
[wishlist] configure option to disable tmpnam
Previous Next
Reported by: Matt Wette <matt.wette <at> gmail.com>
Date: Thu, 26 Oct 2017 00:27:01 UTC
Severity: wishlist
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 29001 in the body.
You can then email your comments to 29001 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Thu, 26 Oct 2017 00:27:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Matt Wette <matt.wette <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-guile <at> gnu.org.
(Thu, 26 Oct 2017 00:27:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
It would be nice to have a configure option to disable/enable including the POSIX function tmpnam.
It may give Guile a more "code secure" option to have the default be disabled.
I tried to generate a patch, but I could not get it to work both ways (disable and enable). My autoconf
knowledge and skills are lacking.
Here is what I tried (THIS DOES NOT WORK)
--- libguile/posix.c-orig 2017-10-24 05:28:30.000000000 -0700
+++ libguile/posix.c 2017-10-24 05:28:51.000000000 -0700
@@ -1557,6 +1557,7 @@
}
#undef FUNC_NAME
+#ifdef ENABLE_TMPNAM
#ifdef L_tmpnam
SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
@@ -1580,6 +1581,7 @@
#undef FUNC_NAME
#endif
+#endif
SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0,
(void),
--- configure.ac-orig 2017-10-24 05:21:56.000000000 -0700
+++ configure.ac 2017-10-25 16:07:34.000000000 -0700
@@ -164,6 +164,10 @@
[ --disable-regex omit regular expression interfaces],,
enable_regex=yes)
+AC_ARG_ENABLE(tmpnam,
+ [ --enable-tmpnam enable POSIX tmpnam],
+ enable_tmpnam=yes, enable_tmpnam=no)
+
AC_ARG_ENABLE([deprecated],
AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))
^--- DOES NOT WORK
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Fri, 27 Oct 2017 18:15:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 29001 <at> debbugs.gnu.org (full text, mbox):
OK I have it working. Complete patch here, assuming config.h.in is generated by your autotools.
--- libguile/posix.c-orig 2017-10-24 05:28:30.000000000 -0700
+++ libguile/posix.c 2017-10-24 05:28:51.000000000 -0700
@@ -1557,6 +1557,7 @@
}
#undef FUNC_NAME
+#ifdef ENABLE_TMPNAM
#ifdef L_tmpnam
SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
@@ -1580,6 +1581,7 @@
#undef FUNC_NAME
#endif
+#endif
SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0,
(void),
--- configure.ac-orig 2017-10-24 05:21:56.000000000 -0700
+++ configure.ac 2017-10-27 09:03:20.000000000 -0700
@@ -164,6 +164,10 @@
[ --disable-regex omit regular expression interfaces],,
enable_regex=yes)
+AC_ARG_ENABLE(tmpnam,
+ [ --enable-tmpnam enable POSIX tmpnam],
+ AC_DEFINE(ENABLE_TMPNAM,1,[enable POSIX tmpnam()]),)
+
AC_ARG_ENABLE([deprecated],
AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Wed, 18 Mar 2020 23:49:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 29001 <at> debbugs.gnu.org (full text, mbox):
This is related to 4075 at debbugs.gnu.org
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Thu, 19 Mar 2020 00:31:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 29001 <at> debbugs.gnu.org (full text, mbox):
On 3/18/20 4:48 PM, Matt Wette wrote:
> This is related to 4075 at debbugs.gnu.org \
er 40075 at debbugs.gnu.org
working on patch against 3.0.1
going better this time
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Sat, 21 Mar 2020 20:23:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 29001 <at> debbugs.gnu.org (full text, mbox):
"make" and "make check" succeeds on 3.0.1 / Ubuntu 18.04 / x86_64 with
1) --disable-tmpnam
2) --enable-tmpnam
3) neither
This updates libguile/posix.c and configure.ac to allow extra
configuration option --disable-tmpnam. This is made available
for installations that don't want to allow the insecure tmpnam
function. (Use mkstemp! instead.)
--- libguile/posix.c-orig 2020-03-18 16:55:09.349588085 -0700
+++ libguile/posix.c 2020-03-18 17:07:20.860142083 -0700
@@ -65,6 +65,7 @@
#include "async.h"
#include "bitvectors.h"
+#include "deprecation.h"
#include "dynwind.h"
#include "extensions.h"
#include "feature.h"
@@ -1588,6 +1589,7 @@
}
#undef FUNC_NAME
+#ifdef ENABLE_TMPNAM
#ifdef L_tmpnam
SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
@@ -1602,6 +1604,9 @@
char name[L_tmpnam];
char *rv;
+ scm_c_issue_deprecation_warning
+ ("Use of tmpnam is deprecated. Use mkstemp! instead.");
+
SCM_SYSCALL (rv = tmpnam (name));
if (rv == NULL)
/* not SCM_SYSERROR since errno probably not set. */
@@ -1611,6 +1616,7 @@
#undef FUNC_NAME
#endif
+#endif
SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0,
(void),
--- configure.ac-orig 2020-03-18 17:11:17.977427035 -0700
+++ configure.ac 2020-03-18 17:09:57.850334685 -0700
@@ -166,6 +166,10 @@
[ --disable-regex omit regular expression interfaces],,
enable_regex=yes)
+AC_ARG_ENABLE(tmpnam,
+ [ --disable-tmpnam omit POSIX tmpnam],,
+ enable_tmpnam=yes)
+
AC_ARG_ENABLE([deprecated],
AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))
@@ -909,6 +913,10 @@
AC_DEFINE([ENABLE_REGEX], 1, [Define when regex support is enabled.])
fi
+if test "$enable_tmpnam" = yes; then
+ AC_DEFINE([ENABLE_TMPNAM], 1, [Define when tmpnam support is enabled.])
+fi
+
AC_REPLACE_FUNCS([strerror memmove])
# Reasons for testing:
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Sat, 21 Mar 2020 20:26:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 29001 <at> debbugs.gnu.org (full text, mbox):
Note: The above patch makes tmpnam report that it is deprecated.
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Sat, 21 Mar 2020 21:33:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 29001 <at> debbugs.gnu.org (full text, mbox):
Hi Matt,
Matt Wette <matt.wette <at> gmail.com> skribis:
> "make" and "make check" succeeds on 3.0.1 / Ubuntu 18.04 / x86_64 with
> 1) --disable-tmpnam
> 2) --enable-tmpnam
> 3) neither
>
> This updates libguile/posix.c and configure.ac to allow extra
> configuration option --disable-tmpnam. This is made available
> for installations that don't want to allow the insecure tmpnam
> function. (Use mkstemp! instead.)
Nice.
We should have deprecated ‘tmpnam’ before 3.0.0, it’s probably OK to do
it now.
> +AC_ARG_ENABLE(tmpnam,
> + [ --disable-tmpnam omit POSIX tmpnam],,
> + enable_tmpnam=yes)
Could you use ‘AS_HELP_STRING’ as is done in some other places? This is
the more conventional way to ensure proper formatting of ‘--help’.
Also, could you send the patch as an attachment (your mail client munged
it somehow)? You can create the patch by first committing locally and
then running (say) ‘git format-patch HEAD^’.
Bonus points if your commit log follows the GNU ChangeLog style:
https://www.gnu.org/prep/standards/html_node/Change-Logs.html
You can imitate previous entries shown by ‘git log’.
(I think this patch is acceptable without copyright assignment. Beyond
that, we’ll need copyright assignment, as discussed on IRC.)
Thanks in advance!
Ludo’.
Information forwarded
to
bug-guile <at> gnu.org:
bug#29001; Package
guile.
(Sun, 22 Mar 2020 16:21:01 GMT)
Full text and
rfc822 format available.
Message #26 received at 29001 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Attached is the git patch against the following guile commit:
bef5e0b3938cc88e3a1a1ac590b009875cc38162
[0001-2020-03-22-Matt-Wette-mwette-alumni.caltech.edu.patch (text/x-patch, attachment)]
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility.
(Sun, 22 Mar 2020 17:13:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Matt Wette <matt.wette <at> gmail.com>:
bug acknowledged by developer.
(Sun, 22 Mar 2020 17:13:02 GMT)
Full text and
rfc822 format available.
Message #31 received at 29001-done <at> debbugs.gnu.org (full text, mbox):
Hi Matt,
Matt Wette <matt.wette <at> gmail.com> skribis:
>>From 71ff7e79369a4514a961fc5cf76593b254c32d4c Mon Sep 17 00:00:00 2001
> From: Matt Wette <mwette <at> alumni.caltech.edu>
> Date: Sun, 22 Mar 2020 09:12:37 -0700
> Subject: [PATCH] 2020-03-22 Matt Wette <mwette <at> alumni.caltech.edu>
>
> * configure.ac:
> Provide new option: --disable-tmpnam
> This is made available for installations that don't want to allow
> the insecure POSIX tmpname function. Use mkstemp! instead.
>
> * libguile/posix.c
> tmpnam is deprecated; and enabled by ENABLE_TMPNAM
I tweaked the commit log and pushed. Thank you!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 20 Apr 2020 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 364 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.