Add warnings, ala mktemp, to tempnam and tmpnam as a reminder that

these are inherently unsafe interfaces. Do not allow TMPDIR to override path for setuid/setgid programs.
1999-08-21 17:56:44 +00:00 · 1999-08-21 17:56:44 +00:00 · 028aace8e1
commit 028aace8e1
parent d00275330d
2 changed files with 13 additions and 3 deletions
--- a/lib/libc/stdio/tempnam.c
+++ b/lib/libc/stdio/tempnam.c
@ -36,7 +36,7 @@
 static char sccsid[] = "@(#)tempnam.c	8.1 (Berkeley) 6/4/93";
 #endif
 static const char rcsid[] =
-		"$Id$";
+		"$Id: tempnam.c,v 1.5 1997/02/22 15:02:37 peter Exp $";
 #endif /* LIBC_SCCS and not lint */

 #include <sys/param.h>
@ -47,6 +47,11 @@ static const char rcsid[] =
 #include <unistd.h>
 #include <paths.h>

+__warn_references(tempnam,
+    "warning: tempnam() possibly used unsafely; consider using mkstemp()");
+
+extern char *_mktemp __P((char *));
+
 char *
 tempnam(dir, pfx)
 	const char *dir, *pfx;
@ -60,10 +65,10 @@ tempnam(dir, pfx)
 	if (!pfx)
 		pfx = "tmp.";

-	if ((f = getenv("TMPDIR"))) {
+	if (issetugid() == 0 && (f = getenv("TMPDIR"))) {
 		(void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXX", f,
 		    *(f + strlen(f) - 1) == '/'? "": "/", pfx);
-		if ((f = mktemp(name)))
+		if ((f = _mktemp(name)))
 			return(f);
 	}

--- a/lib/libc/stdio/tmpnam.c
+++ b/lib/libc/stdio/tmpnam.c
@ -43,6 +43,11 @@ static char sccsid[] = "@(#)tmpnam.c	8.3 (Berkeley) 3/28/94";
 #include <stdio.h>
 #include <unistd.h>

+__warn_references(tmpnam,
+    "warning: tmpnam() possibly used unsafely; consider using mkstemp()");
+
+extern char *_mktemp __P((char *));
+
 char *
 tmpnam(s)
 	char *s;