develooper Front page | perl.perl5.porters | Postings from February 2013

[perl #66452] TMPDIR not honored when opening an anonymous temporary file

Thread Next
From:
James E Keenan via RT
Date:
February 24, 2013 22:46
Subject:
[perl #66452] TMPDIR not honored when opening an anonymous temporary file
Message ID:
rt-3.6.HEAD-31961-1361746011-1233.66452-15-0@perl.org
On Wed Jun 10 13:53:38 2009, rafael wrote:
> 2009/6/10 Rafael Garcia-Suarez <rgarciasuarez@gmail.com>:
> > 2009/6/9 Niko Tyni <perlbug-followup@perl.org>:
> >> In <http://bugs.debian.org/528544>, Norbert Buchmuller <norbi@nix.hu>
> >> requests that opening an anonymous temporary file with the idiom
> >> `open($fh, '+>', undef)' should use $ENV{TMPDIR} instead of hardcoding
> >> /tmp.
> >>
> >> I'm attaching a patch against current blead based on his original one.
> >>
> >> I'm uneasy on failing when TMPDIR is set but doesn't exist or isn't
> >> writable. The obvious alternative is to stat it every time and fall
back
> >> on /tmp if necessary.
> >>
> >> Also, should we worry about tainting issues?
> >
> > I see that the patch was already applied, but your concern is
worthwhile.
> >
> > However, stat'ing the TMPDIR is not enough. There is a race condition.
> > The right way is to test if the mkstemp fails.
> >
> > Also, I would completely disable reading TMPDIR if tainted.
> 
> All of this is implemented now by :
> 
> commit 0b99e9860ee94a7d55fe93fe492e8286fdfa409d
> Author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com>
> Date:   Wed Jun 10 22:42:15 2009 +0200
> 
>     Do not honor TMPDIR for anonymous temporary files when tainting
> 
>     Use a default of /tmp on Unixes when TMPDIR is unset or empty, or
>     when creation of a temporary file in it fails
> 
>     This goes on top of commit 26e8050aaf2eeca2f04cdc7bc5df07f8dc4ff0f9
> 

My reading of Rafael's comment suggests that this ticket should have
been closed in June 2009.  I will close it in seven days unless someone
identifies remaining issues and takes the ticket over.

Thank you very much.
Jim Keenan

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=66452

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About