Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: Trickle Down Bugs: Who broke our code?

by afoken (Chancellor)
on Jun 13, 2018 at 21:22 UTC ( [id://1216594]=note: print w/replies, xml ) Need Help??


in reply to Trickle Down Bugs: Who broke our code?

Well, you could monkey-patch a tmpname implementation into the POSIX namespace.

BUT:

The POSIX module promises to provide you with an interface "to access all (or nearly all) the standard POSIX 1003.1 identifiers.". So everything in the POSIX namespace should / shall / must behave according to POSIX. Implementing a POSIX::tmpnam() that does something completely different will cause even more trouble.

POSIX has specified the behaviour of tmpnam(), probably after it was implemented everywhere. And unfortunately, tmpnam() just sucks. The problem is explained in https://linux.die.net/man/3/tmpnam and other places. Short: You build huge gapping security holes when using tmpnam(). Quoting the man page:

Bugs

Never use this function.

The clean way to handle temp files is File::Temp, and use the file handles instead of file names. Of course, this will require changes to the existing code. But those changes will remove the security holes introduced by tmpnam().

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1216594]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (8)
As of 2024-04-19 09:41 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found