GNU bug report logs - #29001
[wishlist] configure option to disable tmpnam

Previous Next

Package: guile;

Reported by: Matt Wette <matt.wette <at> gmail.com>

Date: Thu, 26 Oct 2017 00:27:01 UTC

Severity: wishlist

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Matt Wette <matt.wette <at> gmail.com>
Subject: bug#29001: closed (Re: bug#29001: git patch)
Date: Sun, 22 Mar 2020 17:13:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#29001: [wishlist] configure option to disable tmpnam

which was filed against the guile package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 29001 <at> debbugs.gnu.org.

-- 
29001: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=29001
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Matt Wette <matt.wette <at> gmail.com>
Cc: 29001-done <at> debbugs.gnu.org
Subject: Re: bug#29001: git patch
Date: Sun, 22 Mar 2020 18:11:58 +0100

Hi Matt,

Matt Wette <matt.wette <at> gmail.com> skribis:

>>From 71ff7e79369a4514a961fc5cf76593b254c32d4c Mon Sep 17 00:00:00 2001
> From: Matt Wette <mwette <at> alumni.caltech.edu>
> Date: Sun, 22 Mar 2020 09:12:37 -0700
> Subject: [PATCH] 2020-03-22 Matt Wette <mwette <at> alumni.caltech.edu>
>
> * configure.ac:
> Provide new option: --disable-tmpnam
> This is made available for installations that don't want to allow
> the insecure POSIX tmpname function.  Use mkstemp! instead.
>
> * libguile/posix.c
> tmpnam is deprecated; and enabled by ENABLE_TMPNAM

I tweaked the commit log and pushed.  Thank you!

Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Matt Wette <matt.wette <at> gmail.com>
To: bug-guile <at> gnu.org
Subject: [wishlist] configure option to disable tmpnam
Date: Wed, 25 Oct 2017 17:26:37 -0700

[Message part 4 (text/plain, inline)]
It would be nice to have a configure option to disable/enable including the POSIX function tmpnam.
It may give Guile a more "code secure" option to have the default be disabled.

I tried to generate a patch, but I could not get it to work both ways (disable and enable).  My autoconf
knowledge and skills are lacking. 

Here is what I tried (THIS DOES NOT WORK)

--- libguile/posix.c-orig       2017-10-24 05:28:30.000000000 -0700
+++ libguile/posix.c    2017-10-24 05:28:51.000000000 -0700
@@ -1557,6 +1557,7 @@
 }
 #undef FUNC_NAME
 
+#ifdef ENABLE_TMPNAM
 #ifdef L_tmpnam
 
 SCM_DEFINE (scm_tmpnam, "tmpnam", 0, 0, 0,
@@ -1580,6 +1581,7 @@
 #undef FUNC_NAME
 
 #endif
+#endif
 
 SCM_DEFINE (scm_tmpfile, "tmpfile", 0, 0, 0,
             (void),

--- configure.ac-orig   2017-10-24 05:21:56.000000000 -0700
+++ configure.ac        2017-10-25 16:07:34.000000000 -0700
@@ -164,6 +164,10 @@
   [  --disable-regex         omit regular expression interfaces],,
   enable_regex=yes)
 
+AC_ARG_ENABLE(tmpnam,
+  [  --enable-tmpnam         enable POSIX tmpnam],
+  enable_tmpnam=yes, enable_tmpnam=no)
+
 AC_ARG_ENABLE([deprecated],
   AS_HELP_STRING([--disable-deprecated],[omit deprecated features]))

^--- DOES NOT WORK
 


[Message part 5 (text/html, inline)]
This bug report was last modified 5 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.