lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

The difference is that clients linking to libc will get the warning not to
use it, but scripts written in Lua won't.  I realize straight ANSI C
portability is one of Lua's goals, but it would be very nice if Lua did the
right thing automatically by preventing someone from writing a script that
makes insecure use of /tmp...  Either by using mkstemp() where available,
or at least by putting out the same warning when someone calls tmpnam().


On Fri, Dec 22, 2000 at 09:52:25AM -0500, Brian Mitchell wrote:
> Yes, thats because lua exports tmpname(). It does not make use of it
> though. It's no more dangerous than libc containing the same function,
> although its use can be dangerous if any of your lua scripts use it.
> On Fri, 22 Dec 2000, Max Ischenko wrote:
> > BTW, FreeBSD linker gives this warning:
> > 
> > ../../foobar/libLualib.a(liolib.o): In function `io_tmpname':
> > liolib.o(.text+0xd5f): warning: tmpnam() possibly used unsafely; consider
> > using mkstemp()
> > 
> > 
> > I think this can be interesting for Lua developers...

Bret Mogilefsky  ** **  Programmer, SCEA R&D