On Wed, Jan 30, 2008 at 05:02:46PM -0800, Alan Irwin wrote: > > For case (3) some additional warnings occurred for > bindings/tk/plframe.c:2648 and drivers/tk.c:1453 (repeated more than 100 > times for some reason) with the message > > tmpnam is dangerous, better use mkstemp > > Is this large set of warnings easy to fix?
This is a link-time warning, which is why it only appears with the statically linked case. tmpfile is the best portable way of opening temporary files. It returns an open file descriptor rather than a file name. This avoids the various race conditions inherent in tmpnam. We use this elsewhere in plplot. Unfortunately these two cases are not easily changed. plframe.c opens a temporary file, writes to it, then calls an external print command with the temporary file name. We need the name to do this. We could use mkstemp in this case, which returns a file descriptor and a file name, avoiding the race conditions. Unfortunately this is not portable (windows doesn't have it I believe). I could implement this through suitable #ifdef's. drivers/tk.c uses the temporary file name to open a FIFO pipe. Neither tmpfile nor mkstemp can do this so I see no alternative to using tmpnam. Well the alternative is a fixed name, which is even worse to my mind. When we use tmpnam we ensure that the file is correctly created and opened and exit if not so the use should(?) be secure. A denial of service attack would be possible in theory I suppose. Unfortunately a search on the web hasn't shown an easy way of disabling the warning. Andrew ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Plplot-devel mailing list Plplot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/plplot-devel
