[-- Attachment #1: Type: text/plain, Size: 1263 bytes --] It would be nice to have a configure option to disable/enable including the POSIX function tmpnam. It may give Guile a more "code secure" option to have the default be disabled. I tried to generate a patch, but I could not get it to work both ways (disable and enable). My autoconf knowledge and skills are lacking. Here is what I tried (THIS DOES NOT WORK) --- libguile/posix.c-orig 2017-10-24 05:28:30.000000000 -0700 +++ libguile/posix.c 2017-10-24 05:28:51.000000000 -0700 @@ -1557,6 +1557,7 @@ } #undef FUNC_NAME +#ifdef ENABLE_TMPNAM #ifdef L_tmpnam SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, @@ -1580,6 +1581,7 @@ #undef FUNC_NAME #endif +#endif SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0, (void), --- configure.ac-orig 2017-10-24 05:21:56.000000000 -0700 +++ configure.ac 2017-10-25 16:07:34.000000000 -0700 @@ -164,6 +164,10 @@ [ --disable-regex omit regular expression interfaces],, enable_regex=yes) +AC_ARG_ENABLE(tmpnam, + [ --enable-tmpnam enable POSIX tmpnam], + enable_tmpnam=yes, enable_tmpnam=no) + AC_ARG_ENABLE([deprecated], AS_HELP_STRING([--disable-deprecated],[omit deprecated features])) ^--- DOES NOT WORK [-- Attachment #2: Type: text/html, Size: 9360 bytes --]
OK I have it working. Complete patch here, assuming config.h.in is generated by your autotools. --- libguile/posix.c-orig 2017-10-24 05:28:30.000000000 -0700 +++ libguile/posix.c 2017-10-24 05:28:51.000000000 -0700 @@ -1557,6 +1557,7 @@ } #undef FUNC_NAME +#ifdef ENABLE_TMPNAM #ifdef L_tmpnam SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, @@ -1580,6 +1581,7 @@ #undef FUNC_NAME #endif +#endif SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0, (void), --- configure.ac-orig 2017-10-24 05:21:56.000000000 -0700 +++ configure.ac 2017-10-27 09:03:20.000000000 -0700 @@ -164,6 +164,10 @@ [ --disable-regex omit regular expression interfaces],, enable_regex=yes) +AC_ARG_ENABLE(tmpnam, + [ --enable-tmpnam enable POSIX tmpnam], + AC_DEFINE(ENABLE_TMPNAM,1,[enable POSIX tmpnam()]),) + AC_ARG_ENABLE([deprecated], AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))
This is related to 4075 at debbugs.gnu.org
On 3/18/20 4:48 PM, Matt Wette wrote:
> This is related to 4075 at debbugs.gnu.org \
er 40075 at debbugs.gnu.org
working on patch against 3.0.1
going better this time
"make" and "make check" succeeds on 3.0.1 / Ubuntu 18.04 / x86_64 with 1) --disable-tmpnam 2) --enable-tmpnam 3) neither This updates libguile/posix.c and configure.ac to allow extra configuration option --disable-tmpnam. This is made available for installations that don't want to allow the insecure tmpnam function. (Use mkstemp! instead.) --- libguile/posix.c-orig 2020-03-18 16:55:09.349588085 -0700 +++ libguile/posix.c 2020-03-18 17:07:20.860142083 -0700 @@ -65,6 +65,7 @@ #include "async.h" #include "bitvectors.h" +#include "deprecation.h" #include "dynwind.h" #include "extensions.h" #include "feature.h" @@ -1588,6 +1589,7 @@ } #undef FUNC_NAME +#ifdef ENABLE_TMPNAM #ifdef L_tmpnam SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, @@ -1602,6 +1604,9 @@ char name[L_tmpnam]; char *rv; + scm_c_issue_deprecation_warning + ("Use of tmpnam is deprecated. Use mkstemp! instead."); + SCM_SYSCALL (rv = tmpnam (name)); if (rv == NULL) /* not SCM_SYSERROR since errno probably not set. */ @@ -1611,6 +1616,7 @@ #undef FUNC_NAME #endif +#endif SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0, (void), --- configure.ac-orig 2020-03-18 17:11:17.977427035 -0700 +++ configure.ac 2020-03-18 17:09:57.850334685 -0700 @@ -166,6 +166,10 @@ [ --disable-regex omit regular expression interfaces],, enable_regex=yes) +AC_ARG_ENABLE(tmpnam, + [ --disable-tmpnam omit POSIX tmpnam],, + enable_tmpnam=yes) + AC_ARG_ENABLE([deprecated], AS_HELP_STRING([--disable-deprecated],[omit deprecated features])) @@ -909,6 +913,10 @@ AC_DEFINE([ENABLE_REGEX], 1, [Define when regex support is enabled.]) fi +if test "$enable_tmpnam" = yes; then + AC_DEFINE([ENABLE_TMPNAM], 1, [Define when tmpnam support is enabled.]) +fi + AC_REPLACE_FUNCS([strerror memmove]) # Reasons for testing:
Note: The above patch makes tmpnam report that it is deprecated.
Hi Matt, Matt Wette <matt.wette@gmail.com> skribis: > "make" and "make check" succeeds on 3.0.1 / Ubuntu 18.04 / x86_64 with > 1) --disable-tmpnam > 2) --enable-tmpnam > 3) neither > > This updates libguile/posix.c and configure.ac to allow extra > configuration option --disable-tmpnam. This is made available > for installations that don't want to allow the insecure tmpnam > function. (Use mkstemp! instead.) Nice. We should have deprecated ‘tmpnam’ before 3.0.0, it’s probably OK to do it now. > +AC_ARG_ENABLE(tmpnam, > + [ --disable-tmpnam omit POSIX tmpnam],, > + enable_tmpnam=yes) Could you use ‘AS_HELP_STRING’ as is done in some other places? This is the more conventional way to ensure proper formatting of ‘--help’. Also, could you send the patch as an attachment (your mail client munged it somehow)? You can create the patch by first committing locally and then running (say) ‘git format-patch HEAD^’. Bonus points if your commit log follows the GNU ChangeLog style: https://www.gnu.org/prep/standards/html_node/Change-Logs.html You can imitate previous entries shown by ‘git log’. (I think this patch is acceptable without copyright assignment. Beyond that, we’ll need copyright assignment, as discussed on IRC.) Thanks in advance! Ludo’.
[-- Attachment #1: Type: text/plain, Size: 107 bytes --] Attached is the git patch against the following guile commit: bef5e0b3938cc88e3a1a1ac590b009875cc38162 [-- Attachment #2: 0001-2020-03-22-Matt-Wette-mwette-alumni.caltech.edu.patch --] [-- Type: text/x-patch, Size: 2354 bytes --] From 71ff7e79369a4514a961fc5cf76593b254c32d4c Mon Sep 17 00:00:00 2001 From: Matt Wette <mwette@alumni.caltech.edu> Date: Sun, 22 Mar 2020 09:12:37 -0700 Subject: [PATCH] 2020-03-22 Matt Wette <mwette@alumni.caltech.edu> * configure.ac: Provide new option: --disable-tmpnam This is made available for installations that don't want to allow the insecure POSIX tmpname function. Use mkstemp! instead. * libguile/posix.c tmpnam is deprecated; and enabled by ENABLE_TMPNAM --- configure.ac | 8 ++++++++ libguile/posix.c | 11 +++++++++++ 2 files changed, 19 insertions(+) diff --git a/configure.ac b/configure.ac index 6198c7e..3e96094 100644 --- a/configure.ac +++ b/configure.ac @@ -166,6 +166,10 @@ AC_ARG_ENABLE(regex, [ --disable-regex omit regular expression interfaces],, enable_regex=yes) +AC_ARG_ENABLE(tmpnam, + AS_HELP_STRING([--disable-tmpnam],[omit POSIX tmpnam]),, + enable_tmpnam=yes) + AC_ARG_ENABLE([deprecated], AS_HELP_STRING([--disable-deprecated],[omit deprecated features])) @@ -909,6 +913,10 @@ if test "$enable_regex" = yes; then AC_DEFINE([ENABLE_REGEX], 1, [Define when regex support is enabled.]) fi +if test "$enable_tmpnam" = yes; then + AC_DEFINE([ENABLE_TMPNAM], 1, [Define when tmpnam support is enabled.]) +fi + AC_REPLACE_FUNCS([strerror memmove]) # Reasons for testing: diff --git a/libguile/posix.c b/libguile/posix.c index a1520ab..9b9b476 100644 --- a/libguile/posix.c +++ b/libguile/posix.c @@ -87,6 +87,10 @@ #include "vectors.h" #include "version.h" +#if (SCM_ENABLE_DEPRECATED == 1) +#include "deprecation.h" +#endif + #include "posix.h" #if HAVE_SYS_WAIT_H @@ -1588,6 +1592,8 @@ SCM_DEFINE (scm_environ, "environ", 0, 1, 0, } #undef FUNC_NAME +#if (SCM_ENABLE_DEPRECATED == 1) +#ifdef ENABLE_TMPNAM #ifdef L_tmpnam SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, @@ -1602,6 +1608,9 @@ SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, char name[L_tmpnam]; char *rv; + scm_c_issue_deprecation_warning + ("Use of tmpnam is deprecated. Use mkstemp! instead."); + SCM_SYSCALL (rv = tmpnam (name)); if (rv == NULL) /* not SCM_SYSERROR since errno probably not set. */ @@ -1610,6 +1619,8 @@ SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0, } #undef FUNC_NAME +#endif +#endif #endif SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0, -- 2.17.1
Hi Matt,
Matt Wette <matt.wette@gmail.com> skribis:
>>From 71ff7e79369a4514a961fc5cf76593b254c32d4c Mon Sep 17 00:00:00 2001
> From: Matt Wette <mwette@alumni.caltech.edu>
> Date: Sun, 22 Mar 2020 09:12:37 -0700
> Subject: [PATCH] 2020-03-22 Matt Wette <mwette@alumni.caltech.edu>
>
> * configure.ac:
> Provide new option: --disable-tmpnam
> This is made available for installations that don't want to allow
> the insecure POSIX tmpname function. Use mkstemp! instead.
>
> * libguile/posix.c
> tmpnam is deprecated; and enabled by ENABLE_TMPNAM
I tweaked the commit log and pushed. Thank you!
Ludo’.