From 028aace8e1e18186192d02ee3abc594e55009e8c Mon Sep 17 00:00:00 2001
From: Warner Losh <imp@FreeBSD.org>
Date: Sat, 21 Aug 1999 17:56:44 +0000
Subject: [PATCH] Add warnings, ala mktemp, to tempnam and tmpnam as a reminder
 that these are inherently unsafe interfaces.

Do not allow TMPDIR to override path for setuid/setgid programs.
---
 lib/libc/stdio/tempnam.c | 11 ++++++++---
 lib/libc/stdio/tmpnam.c  |  5 +++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/libc/stdio/tempnam.c b/lib/libc/stdio/tempnam.c
index 243fa397ca56..803596a14e9c 100644
--- a/lib/libc/stdio/tempnam.c
+++ b/lib/libc/stdio/tempnam.c
@@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)tempnam.c	8.1 (Berkeley) 6/4/93";
 #endif
 static const char rcsid[] =
-		"$Id$";
+		"$Id: tempnam.c,v 1.5 1997/02/22 15:02:37 peter Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <sys/param.h>
@@ -47,6 +47,11 @@ static const char rcsid[] =
 #include <unistd.h>
 #include <paths.h>
 
+__warn_references(tempnam,
+    "warning: tempnam() possibly used unsafely; consider using mkstemp()");
+
+extern char *_mktemp __P((char *));
+
 char *
 tempnam(dir, pfx)
 	const char *dir, *pfx;
@@ -60,10 +65,10 @@ tempnam(dir, pfx)
 	if (!pfx)
 		pfx = "tmp.";
 
-	if ((f = getenv("TMPDIR"))) {
+	if (issetugid() == 0 && (f = getenv("TMPDIR"))) {
 		(void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXX", f,
 		    *(f + strlen(f) - 1) == '/'? "": "/", pfx);
-		if ((f = mktemp(name)))
+		if ((f = _mktemp(name)))
 			return(f);
 	}
 
diff --git a/lib/libc/stdio/tmpnam.c b/lib/libc/stdio/tmpnam.c
index ce86482f3387..d0aed481387a 100644
--- a/lib/libc/stdio/tmpnam.c
+++ b/lib/libc/stdio/tmpnam.c
@@ -43,6 +43,11 @@ static char sccsid[] = "@(#)tmpnam.c	8.3 (Berkeley) 3/28/94";
 #include <stdio.h>
 #include <unistd.h>
 
+__warn_references(tmpnam,
+    "warning: tmpnam() possibly used unsafely; consider using mkstemp()");
+
+extern char *_mktemp __P((char *));
+
 char *
 tmpnam(s)
 	char *s;