GNU bug report logs - #29001
[wishlist] configure option to disable tmpnam

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#29001: closed ([wishlist] configure option to disable tmpnam)
Date: Sun, 22 Mar 2020 17:13:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Sun, 22 Mar 2020 18:11:58 +0100
with message-id <877dzcuxep.fsf <at> gnu.org>
and subject line Re: bug#29001: git patch
has caused the debbugs.gnu.org bug report #29001,
regarding [wishlist] configure option to disable tmpnam
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
29001: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=29001
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Matt Wette <matt.wette <at> gmail.com>
To: bug-guile <at> gnu.org
Subject: [wishlist] configure option to disable tmpnam
Date: Wed, 25 Oct 2017 17:26:37 -0700

[Message part 3 (text/plain, inline)]

It would be nice to have a configure option to disable/enable including the POSIX function tmpnam.
It may give Guile a more "code secure" option to have the default be disabled.

I tried to generate a patch, but I could not get it to work both ways (disable and enable).  My autoconf
knowledge and skills are lacking. 

Here is what I tried (THIS DOES NOT WORK)

--- libguile/posix.c-orig       2017-10-24 05:28:30.000000000 -0700
+++ libguile/posix.c    2017-10-24 05:28:51.000000000 -0700
@@ -1557,6 +1557,7 @@
 }
 #undef FUNC_NAME
 
+#ifdef ENABLE_TMPNAM
 #ifdef L_tmpnam
 
 SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
@@ -1580,6 +1581,7 @@
 #undef FUNC_NAME
 
 #endif
+#endif
 
 SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0,
             (void),

--- configure.ac-orig   2017-10-24 05:21:56.000000000 -0700
+++ configure.ac        2017-10-25 16:07:34.000000000 -0700
@@ -164,6 +164,10 @@
   [  --disable-regex         omit regular expression interfaces],,
   enable_regex=yes)
 
+AC_ARG_ENABLE(tmpnam,
+  [  --enable-tmpnam         enable POSIX tmpnam],
+  enable_tmpnam=yes, enable_tmpnam=no)
+
 AC_ARG_ENABLE([deprecated],
   AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))

^--- DOES NOT WORK
 

[Message part 4 (text/html, inline)]

[Message part 5 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: Matt Wette <matt.wette <at> gmail.com>
Cc: 29001-done <at> debbugs.gnu.org
Subject: Re: bug#29001: git patch
Date: Sun, 22 Mar 2020 18:11:58 +0100

Hi Matt,

Matt Wette <matt.wette <at> gmail.com> skribis:

>>From 71ff7e79369a4514a961fc5cf76593b254c32d4c Mon Sep 17 00:00:00 2001
> From: Matt Wette <mwette <at> alumni.caltech.edu>
> Date: Sun, 22 Mar 2020 09:12:37 -0700
> Subject: [PATCH] 2020-03-22 Matt Wette <mwette <at> alumni.caltech.edu>
>
> * configure.ac:
> Provide new option: --disable-tmpnam
> This is made available for installations that don't want to allow
> the insecure POSIX tmpname function.  Use mkstemp! instead.
>
> * libguile/posix.c
> tmpnam is deprecated; and enabled by ENABLE_TMPNAM

I tweaked the commit log and pushed.  Thank you!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.