Mktemp is not in the book

Bill's LFS Login lfsbill at wlmcs.com
Thu Jan 30 04:19:31 PST 2003


On Thu, 30 Jan 2003, Greg Schafer wrote:

> On Wed, Jan 29, 2003 at 09:32:00PM -0700, Gerard Beekmans wrote:
> > On January 21, 2003 06:19 pm, Alexander E. Patrakov wrote:
> > > http://www.courtesan.com/mktemp/
> >
> > Okay guys some opinions. Add this package to the book or not?
>
> (only looked at this for 15 mins so not an authority by any stretch)
>
> I vote not.
>
> This package won't make bzdiff & co work (they need tempfile). Symlinking
> tempfile to mktemp probably won't work coz the -d & -p switches have
> different meanings according to their respective manpages.

Drat! I just checked bzdiff and it uses the -d param.

> The mktemp version on the quoted website looks older than what is currently
> <snip>

> One last thing, I found it rather ironic that the compile of mktemp.c went
> like so:-
>
> cc -O2 -g -Wall    tempfile.c   -o tempfile
> tempfile.c:19:12: warning: multi-line string literals are deprecated
> /tmp/ccIQ1DvF.o(.text+0x2a4): In function `main':
> /root/temp/temp2/debianutils-1.16.2woody0/tempfile.c:112: the use of
> `tempnam' is dangerous, better use `mkstemp'
>
> :-)

Not ironic at all. Mktemp is a deprecated command, IIRC, for security
reasons because of the potential race/predictability-of-names issue.

Looks like we either:
a) accept a security risk,
b) continue to have some LFS installed stuff that doesn't work,
c) patch a version of tempfile and mktemp ourselves to use mkstemp
d) continue scrounging to find a good version of both tempfile and/or
   mktemp

I had undertaken d) sometime prior, maybe it time to look again?

><snip>

> Greg

-- 
Bill Maltby
lfsbill at wlmcs.com


-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-dev' in the subject header of the message



More information about the lfs-dev mailing list