- Subject: Re: loslib.c patch
- From: Ivan Krylov <krylov.r00t@...>
- Date: Sat, 19 Jan 2019 11:17:35 +0300

On Fri, 18 Jan 2019 21:09:16 +0000
Lee Shallis <firstname.lastname@example.org> wrote:

> gcc complains about tmpnam when using the -Werror option

tmpnam() is only used when POSIX functions are not available. Since you
seem to be using Linux Mint, you should #define LUA_USE_POSIX to make
Lua use mkstemp() instead of tmpnam(), which is much safer.

In fact, luaconf.h already #define's LUA_USE_POSIX when it sees
defined(LUA_USE_LINUX), which you should have defined when building for
Linux. How are you building Lua?

Your proposed code does the same thing as tmpnam() (except not using
static variables, which is an improvement), so, unfortunately, it is
subject to the same race condition that tmpnam() has: there is a short
window of time between obtaining a "unique" filename and actually
opening a file descriptor to it when an attacker can create a symbolic
link with the "unique" name to a different file and cause your program
to overwrite that latter file instead of the temporary file.

What mkstemp() does instead is to keep trying to create the
randomly-named file by calling open() with O_CREAT | O_EXCL, until
either open returns a valid file descriptor, ensuring that the file has
been just created by the current process, or the number of attempts is