On Wed Jun 10 13:53:38 2009, rafael wrote: > 2009/6/10 Rafael Garcia-Suarez <rgarciasuarez@gmail.com>: > > 2009/6/9 Niko Tyni <perlbug-followup@perl.org>: > >> In <http://bugs.debian.org/528544>, Norbert Buchmuller <norbi@nix.hu> > >> requests that opening an anonymous temporary file with the idiom > >> `open($fh, '+>', undef)' should use $ENV{TMPDIR} instead of hardcoding > >> /tmp. > >> > >> I'm attaching a patch against current blead based on his original one. > >> > >> I'm uneasy on failing when TMPDIR is set but doesn't exist or isn't > >> writable. The obvious alternative is to stat it every time and fall back > >> on /tmp if necessary. > >> > >> Also, should we worry about tainting issues? > > > > I see that the patch was already applied, but your concern is worthwhile. > > > > However, stat'ing the TMPDIR is not enough. There is a race condition. > > The right way is to test if the mkstemp fails. > > > > Also, I would completely disable reading TMPDIR if tainted. > > All of this is implemented now by : > > commit 0b99e9860ee94a7d55fe93fe492e8286fdfa409d > Author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com> > Date: Wed Jun 10 22:42:15 2009 +0200 > > Do not honor TMPDIR for anonymous temporary files when tainting > > Use a default of /tmp on Unixes when TMPDIR is unset or empty, or > when creation of a temporary file in it fails > > This goes on top of commit 26e8050aaf2eeca2f04cdc7bc5df07f8dc4ff0f9 > My reading of Rafael's comment suggests that this ticket should have been closed in June 2009. I will close it in seven days unless someone identifies remaining issues and takes the ticket over. Thank you very much. Jim Keenan --- via perlbug: queue: perl5 status: open https://rt.perl.org:443/rt3/Ticket/Display.html?id=66452Thread Next