[Bug 68350] New: recent gcc/ld doesn't like our use of tmpnam()

Tue Aug 20 12:59:17 PDT 2013

https://bugs.freedesktop.org/show_bug.cgi?id=68350

          Priority: medium
            Bug ID: 68350
          Assignee: simon.mcvittie at collabora.co.uk
           Summary: recent gcc/ld doesn't like our use of tmpnam()
        QA Contact: telepathy-bugs at lists.freedesktop.org
          Severity: major
    Classification: Unclassified
                OS: All
          Reporter: simon.mcvittie at collabora.co.uk
          Hardware: Other
            Status: ASSIGNED
           Version: git master
         Component: tp-glib
           Product: Telepathy

With our "development-mode" settings, recent gcc/ld issues a fatal warning
about tmpnam(), because it's usually used in an unsafe way.

Our usage was in fact safe (trying to listen on a socket always behaves like
O_EXCL|O_CREAT, which can DoS'd but is not subject to symlink attacks), but
we're swimming against the current by trying to use tmpnam(). I have a patch
that replaces this by creating a secure private temporary directory with
g_dir_make_tmp(), and putting our socket in there; unfortunately, tests fail,
so I still need to debug it.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.