TIFF and LibTiff Mailing List Archive
2011.01.10 20:54 "Re: Missing mkstemp() on Visual Studio 2008", by Bob Friesenhahn

On Mon, 10 Jan 2011, Edward Lam wrote:

> Then I move that the patch be reverted. Why was it even necessary to use
> mkstemp() when we don't care about the file name? Not to mention that
> the new code uses a fixed length buffer that could in theory cause a
> buffer overflow.

While I have not looked at the code, the main problem with tmpfile() is that it is not a secure function. A secure file generator should exclusively open the file in order to avoid race conditions. The tmpfile() interface allows some other file to be inserted between the time the name is allocated and the file is opened. This can be used to cause very bad things to happen. There are also issues with how easy it is to guess the next file name which will be used.

For GraphicsMagick, I ultimately ended up writing my own temporary file interface. This ended up not being as easy as it seemed, and was not perfect the first time out.

Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
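The exclusive-open behaviour discussed in the message above, shown as an added example that is not part of the original post and is not libtiff or GraphicsMagick code. The helper names `open_exclusive` and `create_temp_exclusive` are hypothetical, and the code assumes a POSIX system with `/dev/urandom` and a writable `/tmp`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Both helpers are hypothetical names for this example. O_EXCL makes the
 * existence check and the creation one atomic step: a file or symlink
 * already planted at path yields EEXIST instead of an open descriptor. */
int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Create a private temp file in dir; its name goes to out. fd or -1/errno. */
int create_temp_exclusive(const char *dir, char *out, size_t outlen)
{
    for (int attempt = 0; attempt < 16; attempt++) {
        unsigned long long r;
        int rnd = open("/dev/urandom", O_RDONLY);  /* unpredictable name */
        if (rnd < 0) return -1;
        ssize_t got = read(rnd, &r, sizeof r);
        close(rnd);
        if (got != (ssize_t)sizeof r) { errno = EIO; return -1; }
        /* Bounded formatting: fail on truncation instead of overflowing. */
        int n = snprintf(out, outlen, "%s/tmp_%016llx", dir, r);
        if (n < 0 || (size_t)n >= outlen) {
            errno = ENAMETOOLONG;
            return -1;
        }
        int fd = open_exclusive(out);
        if (fd >= 0 || errno != EEXIST)
            return fd;  /* success, or an error other than a name clash */
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char name[256];
    int fd = create_temp_exclusive("/tmp", name, sizeof name);
    if (fd < 0) { perror("create_temp_exclusive"); return 1; }
    printf("created %s; second exclusive open: %d\n", name, open_exclusive(name));
    close(fd);
    return unlink(name) != 0;
}
```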