The difference is that clients linking to libc will get the warning not to
use it, but scripts written in Lua won't.  I realize straight ANSI C
portability is one of Lua's goals, but it would be very nice if Lua did the
right thing automatically by preventing someone from writing a script that
makes insecure use of /tmp...  Either by using mkstemp() where available,
or at least by putting out the same warning when someone calls tmpnam().

Bret

On Fri, Dec 22, 2000 at 09:52:25AM -0500, Brian Mitchell wrote:
> Yes, that's because lua exports tmpname(). It does not make use of it
> though. It's no more dangerous than libc containing the same function,
> although its use can be dangerous if any of your lua scripts use it.
> 
> On Fri, 22 Dec 2000, Max Ischenko wrote:
> > BTW, FreeBSD linker gives this warning:
> > 
> > ../../foobar/libLualib.a(liolib.o): In function `io_tmpname':
> > liolib.o(.text+0xd5f): warning: tmpnam() possibly used unsafely; consider
> > using mkstemp()
> > 
> > 
> > I think this can be interesting for Lua developers...


-- 
Bret Mogilefsky  ** mogul@gelatinous.com **  Programmer, SCEA R&D
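
The gap the linker warning in this thread points at, as an added example that is not part of the original messages or of Lua's source: tmpnam() only returns a name, so something else can appear at that path before the caller opens it, while mkstemp() picks the name and creates the file in one step. The function names and the /tmp path template below are hypothetical, chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Preferred: mkstemp() chooses the name and creates the file atomically
 * (O_CREAT|O_EXCL, mode 0600). `tmpl` must end in "XXXXXX" and is
 * overwritten with the chosen name. Returns an open fd, or -1. */
int open_temp_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Fallback when only a name is available (for instance one produced by
 * tmpnam()): O_EXCL makes open() fail with EEXIST if anything, including
 * a symlink, already exists at that path, instead of following it. */
int open_temp_excl(const char *name)
{
    return open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Self-check: returns 1 if the O_EXCL open refuses a name that already
 * exists, 0 if it wrongly succeeds, -1 if the setup itself failed. */
int excl_rejects_existing(void)
{
    char name[] = "/tmp/tmpnam_demo_XXXXXX";  /* constructed sample path */
    int held = open_temp_mkstemp(name);       /* the name now exists */
    if (held < 0)
        return -1;
    errno = 0;
    int fd = open_temp_excl(name);
    int rejected = (fd == -1 && errno == EEXIST);
    if (fd >= 0)
        close(fd);
    close(held);
    unlink(name);
    return rejected;
}

int main(void)
{
    printf("O_EXCL rejects an existing name: %s\n",
           excl_rejects_existing() == 1 ? "yes" : "no");
    return 0;
}
```

A plain fopen(name, "w") on a tmpnam() result has neither property: it follows whatever is at the path and truncates it.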