Date: Wed, 13 Feb 2002 01:43:59 GMT
From: Aidan Skinner <aidan@kai.velvet.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/34893: RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT
Message-ID: <200202130143.g1D1hxD76313@kai.velvet.net>

>Number:         34893
>Category:       ports
>Synopsis:       RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 12 17:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Aidan Skinner
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
Velvet Networks
>Environment:
System: FreeBSD kai.velvet.net 4.5-STABLE FreeBSD 4.5-STABLE #1: Fri Feb 9 02:28:32 GMT 2001 root@xev.velvet.net:/usr/obj/usr/src/sys/GENERIC i386

>Description:
Gnat uses mktemp to generate temporary files instead of mkstemp,
leading to a race condition in generated programs that use temporary files

See http://www.securityfocus.com/archive/1/255734

>How-To-Repeat:
$ echo "Procedure Foo is begin null; end Foo;" > foo.adb
$ /usr/local/bin/gnatmake foo.adb
adagcc -c foo.adb
gnatbind -x foo.ali
gnatlink foo.ali
/usr/local/lib/gcc-lib/i386-unknown-freebsd4.5/2.8.1/adalib//libgnat.so: warning: tmpnam() possibly used unsafely; consider using mkstemp()
/usr/local/lib/gcc-lib/i386-unknown-freebsd4.5/2.8.1/adalib//libgnat.so: warning: mktemp() possibly used unsafely; consider using mkstemp()

>Fix:
Apply the patch at
http://cert.uni-stuttgart.de/files/fw/gnat-3.14p-mkstemp.diff
in ${PORTSDIR}/lang/gnat/work/gcc-2.8.1/src

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
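
The race named in the report, as an added C example that is not part of the original message or of the GNAT patch: it replays the gap between choosing a name and opening it, and shows that exclusive creation (what mkstemp does) closes that gap. The function names and the /tmp/tmpdemo-* paths are constructed for illustration, and pick_unused_name is a stand-in for mktemp(3).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for mktemp(3) (constructed for this example): returns a name that
   did not exist when checked. Nothing is created, so the name is only a guess. */
static int pick_unused_name(char *buf, size_t len)
{
    struct stat st;
    for (unsigned i = 0; i < 1000; i++) {
        snprintf(buf, len, "/tmp/tmpdemo-%ld-%u", (long)getpid(), i);
        if (lstat(buf, &st) == -1 && errno == ENOENT) return 0;
    }
    return -1;
}

/* Racy pattern: the name was chosen earlier and the open has no O_EXCL, so a
   file created by someone else in between is silently reused and truncated. */
int open_racy(const char *name) { return open(name, O_RDWR | O_CREAT | O_TRUNC, 0600); }

/* What mkstemp(3) does internally: O_CREAT|O_EXCL fails with EEXIST rather
   than touching an existing file (or symlink) at that name. */
int open_exclusive(const char *name) { return open(name, O_RDWR | O_CREAT | O_EXCL, 0600); }

/* Preferred fix: mkstemp(3) picks the name and creates it exclusively in one
   call, so there is no window. `tmpl` must end in "XXXXXX". */
int open_mkstemp(char *tmpl) { return mkstemp(tmpl); }

/* Replays the window deterministically: 1 if `opener` accepted a file that
   appeared after the name was picked, 0 if it refused, -1 on setup error. */
int accepts_preexisting(int (*opener)(const char *))
{
    char name[64];
    if (pick_unused_name(name, sizeof name) != 0) return -1;
    int other = open(name, O_WRONLY | O_CREAT | O_EXCL, 0644); /* second party */
    if (other < 0) return -1;
    close(other);
    int fd = opener(name);
    if (fd >= 0) close(fd);
    unlink(name);
    return fd >= 0;
}
```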