Bug in tempnam(3) function
Stephen J. Friedl
friedl at mtndew.UUCP
Mon Jun 4 15:24:26 AEST 1990
Once again we find another library function that uses access(2)
in the wrong way. Tempnam(3), called with
char *tempnam(dir, pfx)
char *dir, *pfx;
makes a temp file name in the mentioned directory with the given
prefix and returns it. If the directory suggested by the user is
not available, /tmp is used as a last resort (although I have
seen /usr/tmp used too).
Imagine writing an lp spooler and the "lp" command takes stdin.
The program might do something like:
fname = tempname("/usr/lp/temp", "d-");
assuming that the filename will be built in the suggested place.
If the lp command is setgid lp *and* the underlying user cannot
write to /usr/lp/temp (but presumably the lp gid can), the file
will get stuck in /tmp or /usr/tmp. Now reboot your machine and
watch your print request disappear.
Please, everybody, if you think that access is a handy does-the-
file-exist function you are very wrong, and it's a safe bet that
it does not belong. Email will get a pretty detailed note on why
access(2) is evil.
Steve
--
Stephen J. Friedl, KA8CMY / Software Consultant / Tustin, CA / 3B2-kind-of-guy
+1 714 544 6561 / friedl at mtndew.Tustin.CA.US / {uunet,attmail}!mtndew!friedl
"I will defend to your death my right to my opinion" - me
More information about the Comp.bugs.sys5
mailing list