Ken Moffat wrote:
> But, I'm half expecting that anything using tempfile will fall back
> to even-less-safe predefined file names if tempfile is either not
> present or if it returns an error.

Yeah, it wouldn't surprise me either. But I've done a bit of checking into scripts:

    find {,/usr}/{,s}bin -type f -exec sh -c "file {} | grep text | grep \
    -viq perl && grep tempfile {} /dev/null" \;

to see if any scripts (i.e. text files) include the "tempfile" string. (The /dev/null is there so grep actually prints a filename; there's probably a better way to do that, but whatever. It filters out Perl because there are lots of references to its tempfile function in Perl scripts.)

I've found a few, mostly false positives:

----

/sbin/generate-modprobe.conf: Calls mktemp first, and tempfile if mktemp fails (and uses a name based on PID if tempfile fails).

/usr/bin/updatedb: Prints "tempfile failed" if the mktemp call fails. (Yes, it has the wrong program name. Oh well.)

/usr/bin/tempfile: Going away, doesn't matter.

/usr/bin/vimtutor: Similar to generate-modprobe.conf: calls mktemp first, calls tempfile if that fails, and uses "none" if *that* fails.

/usr/bin/mysqlaccess: Perl script. File thinks it's an awk script, though, so the grep -v doesn't kill name.

/usr/sbin/grub-install: Checks whether /bin/tempfile is executable *first*, then /bin/mktemp, and uses names based on the script's PID if neither is executable. (I think we should patch this anyway: if nothing else, to look in /usr/bin as well as /bin. But preferably to look for mktemp first, as well.)

----

Other than grub-install, it looks like all the scripts on my system will work fine. (I'm not sure on compiled programs. But I'd hope that those would use the C library mkstemp function instead.)

(Although I should note that this isn't an LFS system. It's an x86_64 CLFS 1.0.0rc4 (hey! I needed multilib! :-P) with a good number of packages from BLFS, and a few from beyond BLFS. I'd say it might be a good idea for someone else to re-run the test on their machine if they're running a relatively recent LFS.)
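The audit described in the message above, as an added example that is not part of the original post: it selects shell scripts by shebang instead of file(1) and reports the line where each script first references tempfile, mktemp, or a /tmp name built from $$. The function names and the sample scripts are constructed for illustration, and line order is only a heuristic for which helper a script tries first.

```shell
#!/bin/sh
# Added example: heuristic audit of shell scripts for temp-file helpers.
# Function names and sample scripts are constructed for illustration.

# True if FILE's shebang names sh/bash/dash/ksh (skips Perl without file(1)).
is_shell_script() {
    head -n 1 "$1" 2>/dev/null |
        grep -Eq '^#![[:space:]]*/[^[:space:]]*/(env[[:space:]]+)?(ba|da|k)?sh([[:space:]]|$)'
}

# Line number of the first non-comment line matching ERE $1 in file $2, or "-".
first_line() {
    n=$(grep -nE "$1" "$2" | grep -vE '^[0-9]+:[[:space:]]*#' | head -n 1 | cut -d: -f1)
    echo "${n:--}"
}

# Print "<file> tempfile=<line> mktemp=<line> pid_name=<line> order=<which>"
# for every shell script under the given directories that uses any of them.
audit_tmp_usage() {
    find "$@" -type f | while IFS= read -r f; do
        is_shell_script "$f" || continue
        t=$(first_line '(^|[^[:alnum:]_])tempfile([^[:alnum:]_]|$)' "$f")
        m=$(first_line '(^|[^[:alnum:]_])mktemp([^[:alnum:]_]|$)' "$f")
        p=$(first_line '/tmp/[^[:space:]"]*\$\$' "$f")   # e.g. /tmp/foo.$$
        if [ "$t$m$p" = "---" ]; then continue; fi
        order=n/a
        if [ "$t" != "-" ] && [ "$m" != "-" ]; then
            if [ "$t" -lt "$m" ]; then order=tempfile-first; else order=mktemp-first; fi
        fi
        printf '%s tempfile=%s mktemp=%s pid_name=%s order=%s\n' "$f" "$t" "$m" "$p" "$order"
    done
}

# Constructed samples mirroring the fallback shapes described in the post.
make_samples() {
    printf '%s\n' '#!/bin/sh' 'if test -x /bin/tempfile; then' '  f=`tempfile`' \
        'elif test -x /bin/mktemp; then' '  f=`mktemp /tmp/g.XXXXXX`' 'else' \
        '  f=/tmp/g.log.$$' 'fi' > "$1/tempfile_first.sh"
    printf '%s\n' '#!/bin/sh' 'f=`mktemp /tmp/v.XXXXXX` ||' 'f=`tempfile` ||' \
        'f=none' > "$1/mktemp_first.sh"
    printf '%s\n' '#!/usr/bin/perl' 'use File::Temp qw(tempfile);' > "$1/perl_script"
}

# Demo on a throwaway directory created with mktemp -d.
d=$(mktemp -d) && make_samples "$d" && audit_tmp_usage "$d" | sort
rm -rf "$d"
```

A script reported with order=tempfile-first or a non-empty pid_name is the kind worth reading by hand; a message string such as updatedb's "tempfile failed" will still show up as a match.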