[Bug 68350] recent gcc/ld doesn't like our use of tmpnam()
bugzilla-daemon at freedesktop.org
Wed Aug 21 10:35:22 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=68350
--- Comment #3 from Simon McVittie <simon.mcvittie at collabora.co.uk> ---
Created attachment 84404
--> https://bugs.freedesktop.org/attachment.cgi?id=84404&action=edit
_tp_create_temp_unix_socket: avoid using tmpnam()
In current Debian unstable, gcc/ld issues a warning about tmpnam(),
because it's usually used in an unsafe way. "gcc -Wl,--fatal-warnings"
(which I'm using in my development environment) upgrades that to fatal.
Our usage was in fact safe (trying to listen on a socket always
behaves like O_EXCL|O_CREAT, which can be DoS'd but is not subject to
symlink attacks), but we're swimming against the current by trying
to use tmpnam(). Instead, create a secure private temporary directory
with g_dir_make_tmp(), and put our socket in there.
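The approach the commit message describes (a private temporary directory with the socket placed inside it), as an added example that is not the attached patch or telepathy-glib code. It uses POSIX mkdtemp() in place of g_dir_make_tmp() to avoid a GLib dependency; the function names, the "sock-example" prefix and the socket name "s" are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: make a private directory and bind a listening AF_UNIX
 * socket inside it. Returns the fd or -1; dir and addr are filled for cleanup. */
int create_temp_unix_socket(char *dir, size_t dir_len, struct sockaddr_un *addr)
{
    int fd = -1, n;
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    n = snprintf(dir, dir_len, "%s/sock-example.XXXXXX", base);
    if (n < 0 || (size_t)n >= dir_len)
        return -1;
    /* mkdtemp() picks the name and creates the directory in one step, mode
     * 0700, and fails rather than reusing a path that already exists. */
    if (mkdtemp(dir) == NULL)
        return -1;
    memset(addr, 0, sizeof *addr);
    addr->sun_family = AF_UNIX;
    n = snprintf(addr->sun_path, sizeof addr->sun_path, "%s/s", dir);
    if (n < 0 || (size_t)n >= sizeof addr->sun_path)
        goto fail;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        goto fail;
    /* bind() creates the socket node itself and fails with EADDRINUSE if the
     * path exists; inside a 0700 directory no other user can pre-create it. */
    if (bind(fd, (struct sockaddr *)addr, sizeof *addr) < 0 || listen(fd, 1) < 0)
        goto fail;
    return fd;
fail:
    if (fd >= 0) close(fd);
    unlink(addr->sun_path);
    rmdir(dir);
    return -1;
}

/* Returns the permission bits of path, or -1 if it cannot be stat()ed. */
int path_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}
```

The caller is responsible for closing the fd, unlinking addr.sun_path and removing the directory when the socket is no longer needed.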