765063 – (GLUSTER-3331) Do not use mktemp

Bug 765063 (GLUSTER-3331) - Do not use mktemp

Summary: Do not use mktemp

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	GLUSTER-3331
Product:	GlusterFS
Classification:	Community
Component:	core
Sub Component:
Version:	mainline
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Sachidananda Urs
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-08-04 11:01 UTC by Sachidananda Urs
Modified:	2015-12-01 16:45 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Sachidananda Urs 2011-08-04 11:01:46 UTC

libglusterfs/src/compat.c:

char *
mkdtemp (char *tempstring)
{
    ...
        new_string = mktemp (tempstring);
        if (!new_string)
                goto out;
    ...
}

mktemp(3) is deprecated, use mkstemp(3).

Some implementations follow 4.3BSD and replace XXXXXX by the current process ID and a single letter, so that at most 26 different names can be returned.  Since on the one hand the names are easy to guess, and on the other hand there is a race between testing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3).

Comment 1 Anand Avati 2011-08-05 07:13:43 UTC

CHANGE: http://review.gluster.com/163 (Man page states:) merged in master by Anand Avati (avati)

Comment 2 Saurabh 2011-08-31 06:28:23 UTC

finding the code updated in the latest git sync.

Note You need to log in before you can comment on or make changes to this bug.