Messaging and GCC - "use of `mktemp' is dangerous" warning

Hi,

I'm trying to mimic the IPC/messaging system of a specific OS in a
portable way by using GCC's library. The IPC system uses buffered
asynchronous messages, where any thread can send a message to any other
thread (i.e. to the "threadID") without blocking, and the receiver does
any security checks necessary.

I'm trying to implement the portable/linux version on top of
sockets/datagrams ("SOCK_DGRAM" in the local namespace), and so far
it's working. The first problem I had is that you can't send a datagram
directly to a PID. To get around this, each process creates a temporary
file for its socket. When any process is created the file name its
parent used is passed as a command line argument ("excl"), and the new
process uses this information to send an "init" message back to its
parent containing the file name it used for its socket. When the
parent receives this "init" message, it broadcasts a "new process"
message to all previous processes within the application. It's an ugly
mess, but after all processes have started (and built a "directory" of
message port IDs) it does work like the IPC system I'm trying to
mimic.

To allow several instances of the application to run at the same time
(without file name conflicts), I'm using the "mktemp" function to
create unique file names for each process's socket.

Unfortunately, GCC keeps reporting warnings - "warning: the use of
`mktemp' is dangerous, better use `mkstemp'".

Is there a way to do this more securely or more cleanly? The "mkstemp"
function isn't quite the same as "bind", and using "mkstemp" and then
closing/deleting the file before calling "bind" seems stupid (it's just
as insecure and messier).

Alternatively, is there a way to disable this warning? For an open
source project, it's a little embarrassing when the compiler decides to
tell others that your code is "dangerous" (especially if there is no
viable alternative)...
Thanks,

Brendan

May 1 '06 #1
On 1 May 2006 12:38:35 -0700, "Brendan" <bt******@gmail.com> wrote in
comp.lang.c:

[...]

None of sockets, threads, IPC, PID, or mkstemp are defined by or part
of the standard C library. I would suggest you post this either to a
gcc support group, or one for programming for that "specific OS" that
you were careful not to mention.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://c-faq.com/
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html
May 1 '06 #2
Hi,

Jack Klein wrote:
None of sockets, threads, IPC, PID, or mkstemp are defined by or part
of the standard C library. I would suggest you post this either to a
gcc support group, or one for programming for that "specific OS" that
you were careful not to mention.


I've reposted to "gnu.gcc.help" - I haven't created any newsgroups for
the OS that I was careful not to mention.
Cheers,

Brendan

May 2 '06 #3
Brendan wrote:
To allow several instances of the application to run at the same time
(without file name conflicts), I'm using the "mktemp" function to
create unique file names for each process's socket.
mktemp() is dangerous, since it allows an attacker to guess names.

Unfortunately, GCC keeps reporting warnings - "warning: the use of
`mktemp' is dangerous, better use `mkstemp'".
The linker is actually reporting this.
Is there a way to do this more securely or more cleanly? The "mkstemp"
function isn't quite the same as "bind", and using "mkstemp" and then
closing/deleting the file before calling "bind" seems stupid (it's just
as insecure and messier).
Isn't tempnam() an alternative?
Alternatively, is there a way to disable this warning? For an open
source project, it's a little embarassing when the compiler decides to
tell others that your code is "dangerous" (especially if there is no
viable alternative)... .


No, not that I'm aware of.

Igmar
May 2 '06 #4
Hi,

Igmar Palsenberg wrote:
Brendan wrote:
To allow several instances of the application to run at the same time
(without file name conflicts), I'm using the "mktemp" function to
create unique file names for each process's socket.
mktemp() is dangerous, since it allows an attacker to guess names.


The mktemp() function *may* be used in an insecure way, but it can also
be used securely and there's plenty of warnings about the problem in
the library manuals. It seems I'm also not the first to have this
problem. An example, from
http://kt.dlut.edu.cn/samba/sm20001223_36.html:

"Despite the stupid compiler warnings mktemp() (when used properly) is
the most secure option available. When something better comes along we
can consider using it, but meanwhile just put up with the stupid
compiler warnings."

To be honest, for my code there is a tiny window of time between the
mktemp() call and bind() call that immediately follows it where an
attacker could cause bind() to fail. In this case the application will
shutdown on startup with a "failed to initialized communications" error
(no data loss, etc). It's entirely acceptable considering the
application itself.
Isn't tempnam() an alternative?


The tempnam() function is re-entrant while mktemp() isn't (which
doesn't matter for me as each process only uses it once anyway).
Otherwise they are mostly equivalent, and I still get a "warning: the
use of `tempnam' is dangerous, better use `mkstemp'" warning.

I have thought of one possibility - I could use "mkdtemp" to securely
create a temporary directory, and then create the files used for
sockets in this directory. In this case the file names won't matter and
don't need to be random. It's annoying, but it'd stop the linker's
whining (which solves my problem)... :-)
Thanks,

Brendan

May 2 '06 #5
Brendan wrote:

[...]

[OT]
Isn't there an option to GCC to ask it to shut up about certain warnings?
May 2 '06 #6
Hi,

void * clvrmnky() wrote:
[OT]
Isn't there an option to GCC to ask it to shut up about certain warnings?


Yes - there's lots of command line options that enable or disable
specific types of warnings. AFAIK every "enable" option has a
corresponding "disable" option (which is normally the same with a "no-"
inserted) - for example, "-Wunused-function" and "-Wno-unused-function".

As Igmar correctly pointed out, the "mktemp()" warnings are from the
linker and not from GCC. As far as I've been able to find out there is
no way to enable/disable these warnings - they're like a big permanent
glowing sign proclaiming that I'm a moron and that the code is
"dangerous" (which is why I've spent the last 4 hours modifying my
"compatibility layer").

[Even more OT]

To be honest, it's working out better than I thought it would - I'm
using the "message port ID" as the file name for each socket, which
means I don't need to send a "new process started" broadcast message
anymore (and makes it easier to hide the legacy environment from the
application).
Cheers,

Brendan

May 2 '06 #7
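The mkdtemp() approach Brendan sketches in #5 and reports adopting in #7 (one private directory per application instance, the message port ID as the fixed file name inside it), worked through as an added example that is not code from the thread. It assumes a "/tmp/msgport-XXXXXX" template and port ID 1, and checks the directory mode plus a datagram round trip, so the reader can see why the pre-bind() window discussed above disappears: nobody else can create entries in a 0700 directory we just made.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* mkdtemp() creates a private per-instance directory (atomic mkdir, mode 0700,
 * random suffix); the datagram socket is then bound to a fixed name inside it.
 * port_id plays the thread's "message port ID". Returns the fd, or -1. */
int bind_port_socket(char *dir_template, unsigned port_id)
{
    if (mkdtemp(dir_template) == NULL)
        return -1;
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int n = snprintf(addr.sun_path, sizeof addr.sun_path, "%s/%u", dir_template, port_id);
    if (n < 0 || (size_t)n >= sizeof addr.sun_path)
        return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    /* bind() creates the socket file; in a directory only we can write to, a
     * collision is a program bug, not a file pre-planted by another user. */
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Binds port 1 in a fresh directory (the template is this example's assumption),
 * checks it is owner-only, sends "ping" to the socket's own path and reads it back. */
int run_demo(void)
{
    char dir[] = "/tmp/msgport-XXXXXX";
    int fd = bind_port_socket(dir, 1);
    if (fd < 0)
        return 0;
    struct stat st;
    struct sockaddr_un to = { .sun_family = AF_UNIX };
    snprintf(to.sun_path, sizeof to.sun_path, "%s/1", dir);
    char buf[8] = "";
    int ok = stat(dir, &st) == 0 && (st.st_mode & 0777) == 0700 &&
             sendto(fd, "ping", 4, 0, (struct sockaddr *)&to, sizeof to) == 4 &&
             recv(fd, buf, sizeof buf, 0) == 4 && memcmp(buf, "ping", 4) == 0;
    close(fd); unlink(to.sun_path); rmdir(dir);
    return ok;
}
```

Because the file name is now fixed per port ID, the name no longer needs to be unguessable; the randomness and the permission check live in the directory, which is what silences the linker's mktemp/tempnam warning without weakening anything.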