Hi Andrew:

I am mostly addressing this to you because I believe you have worked on the tmpnam issue in the past for our PLplot code.

Our oldest (from 2001!) open bug report concerns tmpnam (which is strongly deprecated if you look at man tmpnam and which generates warnings for some build configurations [I think it is when building applications against our static library, but I have forgotten the exact circumstances when this annoying warning message is issued.]). It turns out that tmpnam still exists in a few places in our software, i.e.,

    softw...@raven> find -type f |grep -v svn |xargs grep tmpnam \
    |grep -v ChangeLog
    ./drivers/tk.c: iodev->fileName = (char *) tmpnam( NULL );
    ./bindings/tk/plframe.c: sfnam = (char *) tmpnam( NULL );
    ./bindings/tk-x-plat/plplotter.c: sfnam = (char *) tmpnam( NULL );
    ./bindings/octave/PLplot/figure.m: init_file = tmpnam();
    ./bindings/octave/PLplot/save_fig.m: file = tmpnam;

For the octave case, https://prof.hti.bfh.ch/sha1/Octave/index/f/tmpnam.html implies the octave version of tmpnam has the same security issue as the C tmpnam. Accordingly, could you change over the octave code to use the octave tmpfile or mkstemp functions as appropriate? Those functions are documented at https://prof.hti.bfh.ch/sha1/Octave/index/f/tmpfile.html and https://prof.hti.bfh.ch/sha1/Octave/index/f/mkstemp.html.

For the C code, the temporary file name is used in a number of places after it is created so there is no easy way to switch to tmpfile (which is used elsewhere in PLplot with success). We could try switching to mkstemp (which deals with the security issue implied by tmpnam). However, a Google search for windows mkstemp implies mkstemp is not available on Windows. However, see http://www.mail-archive.com/pan-devel%40nongnu.org/msg00294.html for what looks like a straightforward workaround for the Windows case. At this point, however, I am right at the ragged edge of my C knowledge so I would appreciate your help and/or advice about moving from tmpnam to mkstemp for the above three C files.

Alan
__________________________

Alan W. Irwin

Astronomical research affiliation with Department of Physics and Astronomy, University of Victoria (astrowww.phys.uvic.ca).

Programming affiliations with the FreeEOS equation-of-state implementation for stellar interiors (freeeos.sf.net); PLplot scientific plotting software package (plplot.org); the libLASi project (unifont.org/lasi); the Loads of Linux Links project (loll.sf.net); and the Linux Brochure Project (lbproject.sf.net).
__________________________

Linux-powered Science
__________________________
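
The tmpnam-to-mkstemp change discussed above, as an added example that is not part of the original message and not PLplot code: mkstemp creates the file itself (exclusively, owner-only) while leaving the name in the caller's buffer, so code that uses the name afterwards keeps working. The helper names and the `plplot_` prefix are hypothetical, and only the POSIX case is covered (no Windows workaround).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares mkstemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not PLplot code: creates the file AND leaves its name
 * in `name`, so callers that pass the name around later still work. */
int pl_secure_tmpfile(char *name, size_t len, const char *prefix)
{
    const char *dir = getenv("TMPDIR");
    int n, fd;

    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    n = snprintf(name, len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t) n >= len)
        return -1;                 /* template would not fit */
    fd = mkstemp(name);            /* fills in XXXXXX, opens with O_CREAT|O_EXCL */
    if (fd < 0)
        name[0] = '\0';            /* never hand back an unused template */
    return fd;
}

/* Group/other permission bits of the file, or -1 on error (expected: 0). */
int tmp_group_other_bits(const char *name)
{
    struct stat st;
    return stat(name, &st) == 0 ? (int) (st.st_mode & 077) : -1;
}

/* 1 if the name already exists, i.e. nobody else can create it first. */
int name_is_claimed(const char *name)
{
    int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {                 /* name was free: undo our probe */
        close(fd);
        unlink(name);
        return 0;
    }
    return errno == EEXIST;
}
```

Callers should write through the returned descriptor (or wrap it with fdopen) rather than reopening the file by name, and unlink the name when finished with it.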