Defect report from: Eric Blake, N/A
(Please direct followup comments to yyyyyyyyyyyyyy@xxxxxxxxxxxxx)
@ page 582 line 22520 section m4 objection {ebb.m4.maketemp}
Problem:
Edition of Specification (Year): 2004
Defect code : 1. Error
The current specification of the maketemp macro in m4 is a security
hole - it is very easy for other processes to guess what file name
will be generated when all that is done is replacing trailing XXXXXX
by the process id. Furthermore, repeated invocations of maketemp
given the same template will result in the same filename. One of
the reasons that GNU m4 is not POSIX compliant is due to the fact
that it treats maketemp more like mkstemp(); each invocation replaces
the trailing XXXXXX with a random string, and creates a new empty
file by that name, so that the application can then proceed to use the
temporary file in subsequent syscmd with the assurance that no other
process can replace that file.
The wording below attempts to allow traditional behavior but permit
the GNU behavior as an extension.
Action:
Replace line 22520:
maketemp The defining text shall be the first argument, with any
trailing ’X’ characters replaced with the current process ID as a
string.
With this paragraph:
maketemp The defining text shall be the first argument, with trailing
'X' characters replaced with characters from the portable file name
set, such that the result can be used as a temporary file name. The
behavior is unspecified if the first argument does not end in at least
six 'X' characters. It is implementation-defined whether an empty file
with the name matching the defining text is created as a side effect;
however, if the implementation creates files, it shall be an error if
a file could not be created using the first argument as a template.
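The difference between the two behaviors described in this report, as an added C example that is not part of the original defect report or of any m4 implementation: the traditional PID substitution yields the same guessable name on every call, while mkstemp() returns a fresh name whose file already exists and was created exclusively. The helper names `pid_name` and `exclusive_temp` and the `/tmp/m4demo.` template are hypothetical, and dropping the whole run of X's before appending the decimal PID is an assumed reading of line 22520.

```c
#define _XOPEN_SOURCE 700   /* feature-test macro must precede every include */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Traditional maketemp (line 22520): trailing 'X' characters are replaced
 * by the process ID. Nothing is created on disk.
 * Assumption: the whole run of X's is dropped and the decimal PID appended. */
static int pid_name(const char *tmpl, pid_t pid, char *out, size_t outsz)
{
    size_t stem = strlen(tmpl);
    while (stem > 0 && tmpl[stem - 1] == 'X')
        stem--;
    int n = snprintf(out, outsz, "%.*s%ld", (int)stem, tmpl, (long)pid);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* mkstemp()-style behavior: the template is rewritten in place with a random
 * suffix and the file is created atomically, so the call fails instead of
 * reusing an existing name. Returns an open descriptor, or -1 on error. */
static int exclusive_temp(char *tmpl)
{
    size_t len = strlen(tmpl);
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0)
        return -1;          /* fewer than six trailing X's: reject */
    return mkstemp(tmpl);
}

int main(void)
{
    char a[64], b[64];
    if (pid_name("/tmp/m4demo.XXXXXX", getpid(), a, sizeof a) != 0 ||
        pid_name("/tmp/m4demo.XXXXXX", getpid(), b, sizeof b) != 0)
        return 1;
    printf("pid-based: %s / %s (identical, derivable from the PID)\n", a, b);

    char t1[] = "/tmp/m4demo.XXXXXX", t2[] = "/tmp/m4demo.XXXXXX";
    int fd1 = exclusive_temp(t1), fd2 = exclusive_temp(t2);
    if (fd1 < 0 || fd2 < 0) { perror("mkstemp"); return 1; }
    printf("mkstemp:   %s / %s (distinct, files already created)\n", t1, t2);
    close(fd1); close(fd2);
    unlink(t1); unlink(t2);
    return 0;
}
```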