unofficial mirror of guile-devel@gnu.org 
* libguile-2.2.2 uses tmpnam
@ 2017-10-21  9:05 Jeffrey Walton
  2017-10-24 11:47 ` Jeffrey Walton
  0 siblings, 1 reply; 4+ messages in thread
From: Jeffrey Walton @ 2017-10-21  9:05 UTC (permalink / raw)
  To: guile-devel

My apologies for writing about this. I found one previous thread that
mentioned it, but it was working a clock_t problem. Cf.,
https://lists.gnu.org/archive/html/bug-guile/2011-05/msg00024.html

I'm seeing the following when compiling libguile-2.2.2 from sources.
The use of tmpnam caught my eye because I have not seen that warning
in years. I thought it went extinct in the early 2000s.

At this point in time it's probably best to use an equivalent function
with better security properties. If an equivalent function with better
security properties is not feasible, then I would prefer to remove it
altogether. It's 2017 and any program calling tmpnam is defective.

I'm happy to configure libguile to remove tmpnam and break other
libraries. I don't believe it's a configuration option at the moment.
`./configure --help | egrep 'tmpnam|insecure'` returns 0 hits.

I regularly configured OpenSSL with no-ssl2 and no-ssl3 years before
OpenSSL made it a default. I was always able to manage without the
broken protocols. I promise most users will not miss it.

If interested, I'm building GnuTLS from sources, including its
dependencies. GnuTLS is high integrity software. Supply chain
management kind of dictates it should not be calling a module that
provides or uses tmpnam.

Jeff

**************************************************


$ make V=1
...

.libs/libguile_2.2_la-net_db.o .libs/libguile_2.2_la-socket.o
.libs/libguile_2.2_la-regex-posix.o  -Wl,--whole-archive
../lib/.libs/libgnu.a -Wl,--no-whole-archive  -Wl,-rpath
-Wl,/usr/local/lib -lgc -lffi -L/usr/local/lib
/usr/local/lib/libunistring.so /usr/local/lib/libiconv.so
/usr/local/lib/libgmp.so /usr/lib/x86_64-linux-gnu/libltdl.so -lcrypt
-ldl -lpthread -lm  -m64 -march=native -Wl,-z -Wl,relro
-Wl,--version-script=./libguile.map -m64 -Wl,-rpath -Wl,/usr/local/lib
  -Wl,-soname -Wl,libguile-2.2.so.1 -o .libs/libguile-2.2.so.1.2.0
.libs/libguile_2.2_la-posix.o: In function `scm_tmpnam':
posix.c:(.text+0x2003): warning: the use of `tmpnam' is dangerous,
better use `mkstemp'
libtool: link: (cd ".libs" && rm -f "libguile-2.2.so.1" && ln -s
"libguile-2.2.so.1.2.0" "libguile-2.2.so.1")
libtool: link: (cd ".libs" && rm -f "libguile-2.2.so" && ln -s
"libguile-2.2.so.1.2.0" "libguile-2.2.so")
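
The linker warning in the build log above recommends `mkstemp` over `tmpnam`. As an added example (not code from Guile or from anyone in this thread), the C below shows the difference: a name chosen first and opened later can already exist by the time it is opened, while `O_CREAT|O_EXCL` or `mkstemp` makes creation atomic. The function names and the `/tmp/tmpnam-demo-XXXXXX` template are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name-only case: O_EXCL makes an existing path, symlink included, EEXIST. */
int open_name_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp picks the name and creates the file in one step. */
int make_private_temp(char *tmpl) {
    mode_t old = umask(077);   /* some old libcs did not force mode 0600 */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
}

/* Constructed scenario: a symlink already sits at the intended name. Returns
   1 if open fails with EEXIST and the symlink's target was never created. */
int planted_symlink_is_refused(void) {
    char dir[] = "/tmp/tmpnam-demo-XXXXXX", name[64], target[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(name, sizeof name, "%s/predicted", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, name) != 0) { rmdir(dir); return -1; }
    int fd = open_name_exclusive(name);
    int ok = (fd == -1 && errno == EEXIST && access(target, F_OK) == -1);
    if (fd != -1) close(fd);
    unlink(name); unlink(target); rmdir(dir);
    return ok;
}

/* Permission bits of a file made by make_private_temp, or -1 on error. */
int private_temp_mode(void) {
    char path[] = "/tmp/tmpnam-demo-XXXXXX";
    struct stat st;
    int fd = make_private_temp(path);
    if (fd == -1) return -1;
    int mode = fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    close(fd); unlink(path);
    return mode;
}

int main(void) {
    return planted_symlink_is_refused() == 1 && private_temp_mode() == 0600 ? 0 : 1;
}
```

A plain `fopen(name, "w")` on the same path would have followed the symlink and created its target, which is the window `tmpnam` leaves open between returning a name and the caller opening it.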




* Re: libguile-2.2.2 uses tmpnam
  2017-10-21  9:05 libguile-2.2.2 uses tmpnam Jeffrey Walton
@ 2017-10-24 11:47 ` Jeffrey Walton
  2017-10-24 12:11   ` Roel Janssen
  2017-10-24 23:24   ` Matt Wette
  0 siblings, 2 replies; 4+ messages in thread
From: Jeffrey Walton @ 2017-10-24 11:47 UTC (permalink / raw)
  To: guile-devel

On Sat, Oct 21, 2017 at 5:05 AM, Jeffrey Walton <noloader@gmail.com> wrote:
> My apologies for writing about this. I found one previous thread that
> mentioned it, but it was working a clock_t problem. Cf.,
> https://lists.gnu.org/archive/html/bug-guile/2011-05/msg00024.html
> ...
> I'm happy to configure libguile to remove tmpnam and break other
> libraries. I don't believe it's a configuration option at the moment.
> `./configure --help | egrep 'tmpnam|insecure'` returns 0 hits.

--disable-deprecated does not remove it. I'm fairly certain POSIX
deprecated the function about a decade ago, so it's not clear to me how
it's not being removed with the option.

Any hints on getting rid of this would be greatly appreciated.

Jeff




* Re: libguile-2.2.2 uses tmpnam
  2017-10-24 11:47 ` Jeffrey Walton
@ 2017-10-24 12:11   ` Roel Janssen
  2017-10-24 23:24   ` Matt Wette
  1 sibling, 0 replies; 4+ messages in thread
From: Roel Janssen @ 2017-10-24 12:11 UTC (permalink / raw)
  To: noloader; +Cc: guile-devel


Jeffrey Walton writes:

> On Sat, Oct 21, 2017 at 5:05 AM, Jeffrey Walton <noloader@gmail.com> wrote:
>> My apologies for writing about this. I found one previous thread that
>> mentioned it, but it was working a clock_t problem. Cf.,
>> https://lists.gnu.org/archive/html/bug-guile/2011-05/msg00024.html
>> ...
>> I'm happy to configure libguile to remove tmpnam and break other
>> libraries. I don't believe it's a configuration option at the moment.
>> `./configure --help | egrep 'tmpnam|insecure'` returns 0 hits.
>
> --disable-deprecated does not remove it. I'm fairly certain POSIX
> deprecated the function about a decade ago, so it's not clear to me how
> it's not being removed with the option.
>
> Any hints on getting rid of this would be greatly appreciated.
>
> Jeff

First, I am not a developer of GNU Guile itself.  So my advice may be
wrong.

The only place where tmpnam seems to be used in libguile is posix.c:

From the libguile/ directory:
$ grep -r "tmpnam" .
./ChangeLog-1996-1999:  * posix.h (scm_tmpnam): Added prototype.
./ChangeLog-1996-1999:  * posix.c (scm_tmpnam): New function.
./ChangeLog-1996-1999:  * fports.c: remove ttyname and tmpnam declarations.
./ChangeLog-2008:       (scm_environ, scm_tmpnam, scm_mkstemp, scm_access, scm_getpid),
./ChangeLog-2008:       * posix.c (scm_tmpnam): check that return value from tmpnam is not
./ChangeLog-scm:        * sys.c (ltmpnam): return value of mktemp call tested in accord
./ChangeLog-scm:        * scm.c (tmpnam): support for mktemp added.
./ChangeLog-scm:        * scm.c (tmpnam): added.
./posix.c:#ifdef L_tmpnam
./posix.c:SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
./posix.c:          "process will not create the file after @code{tmpnam} is called.\n"
./posix.c:#define FUNC_NAME s_scm_tmpnam
./posix.c:  char name[L_tmpnam];
./posix.c:  SCM_SYSCALL (rv = tmpnam (name));
./posix.c:    SCM_MISC_ERROR ("tmpnam failed", SCM_EOL);
./posix.h:SCM_API SCM scm_tmpnam (void);

So, I would guess removing the call to SCM_DEFINE on line 1562 would
achieve your goal.

I don't think there is Guile code that actually uses this function,
except for allowing users to call tmpnam in Scheme code.  We can
find out whether this is true by disabling tmpnam there, and see if
anything breaks.

Kind regards,
Roel Janssen




* Re: libguile-2.2.2 uses tmpnam
  2017-10-24 11:47 ` Jeffrey Walton
  2017-10-24 12:11   ` Roel Janssen
@ 2017-10-24 23:24   ` Matt Wette
  1 sibling, 0 replies; 4+ messages in thread
From: Matt Wette @ 2017-10-24 23:24 UTC (permalink / raw)
  To: noloader; +Cc: guile-devel


> On Oct 24, 2017, at 4:47 AM, Jeffrey Walton <noloader@gmail.com> wrote:
> 
> On Sat, Oct 21, 2017 at 5:05 AM, Jeffrey Walton <noloader@gmail.com> wrote:
>> My apologies for writing about this. I found one previous thread that
>> mentioned it, but it was working a clock_t problem. Cf.,
>> https://lists.gnu.org/archive/html/bug-guile/2011-05/msg00024.html
>> ...
>> I'm happy to configure libguile to remove tmpnam and break other
>> libraries. I don't believe it's a configuration option at the moment.
>> `./configure --help | egrep 'tmpnam|insecure'` returns 0 hits.
> 
> --disable-deprecated does not remove it. I'm fairly certain POSIX
> deprecated the function about a decade ago, so it's not clear to me how
> it's not being removed with the option.
> 
> Any hints on getting rid of this would be greatly appreciated.
> 
> Jeff

I am working on a patch to make the default configure w/o tmpnam and provide an --enable-tmpnam option.



