Front page | perl.perl5.porters |
Postings from February 2013
On Wed Jun 10 13:53:38 2009, rafael wrote:
> 2009/6/10 Rafael Garcia-Suarez <rgarciasuarez@gmail.com>:
> > 2009/6/9 Niko Tyni <perlbug-followup@perl.org>:
> >> In <http://bugs.debian.org/528544>, Norbert Buchmuller <norbi@nix.hu>
> >> requests that opening an anonymous temporary file with the idiom
> >> `open($fh, '+>', undef)' should use $ENV{TMPDIR} instead of hardcoding
> >> /tmp.
> >>
> >> I'm attaching a patch against current blead based on his original one.
> >>
> >> I'm uneasy on failing when TMPDIR is set but doesn't exist or isn't
> >> writable. The obvious alternative is to stat it every time and fall
back
> >> on /tmp if necessary.
> >>
> >> Also, should we worry about tainting issues?
> >
> > I see that the patch was already applied, but your concern is
worthwhile.
> >
> > However, stat'ing the TMPDIR is not enough. There is a race condition.
> > The right way is to test if the mkstemp fails.
> >
> > Also, I would completely disable reading TMPDIR if tainted.
>
> All of this is implemented now by :
>
> commit 0b99e9860ee94a7d55fe93fe492e8286fdfa409d
> Author: Rafael Garcia-Suarez <rgarciasuarez@gmail.com>
> Date: Wed Jun 10 22:42:15 2009 +0200
>
> Do not honor TMPDIR for anonymous temporary files when tainting
>
> Use a default of /tmp on Unixes when TMPDIR is unset or empty, or
> when creation of a temporary file in it fails
>
> This goes on top of commit 26e8050aaf2eeca2f04cdc7bc5df07f8dc4ff0f9
>
My reading of Rafael's comment suggests that this ticket should have
been closed in June 2009. I will close it in seven days unless someone
identifies remaining issues and takes the ticket over.
Thank you very much.
Jim Keenan
---
via perlbug: queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=66452
Thread Next