Addendum to: Re: LFS 5.0 Patch-2.5.4 Chapt 5 mktemp

Allard Welter allard at nospam.nl
Fri Jan 23 16:12:38 PST 2004


> On Friday 23 January 2004 23:51, jmh wrote:
> >
> > patch.o(.text+0x2d22): In function 'make_temp':...use of
> > mktemp is dangerous, better use 'mkstemp'
> >
> > during make.
> >
> > Is this something to fix or should I just ignore it?
> >
> > jmh
>
> mktemp and mkstemp do the same thing (both create a unique temporary file)
> except that mkstemp guarantees that no other process can accidentally
> create a file with the same name (very small chance) by opening it for you
> at the same time with 0600 (r/w) permissions. The issue is security
> related. There is a small chance that a malicious hacker will pirate the
> process by substituting a temporary file created in this manner with
> another containing some malicious content. (see chapters_14.html#SEC296 of
> the libc manual).
>
> Seeing the program I'm working on at the moment is not co-operating,
> perhaps I'll take a look - bit tipsy right now, but I'll try to remember.
>
> Regards - Allard
>

Thought I'd do some reading instead. The following is from linux-2.4.24/
Documentation/filesystems/tmpfs.txt as I'm sure you've all studied diligently

<quote>
2) glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
   POSIX shared memory (shm_open, shm_unlink). Adding the following
   line to /etc/fstab should take care of this:

        tmpfs   /dev/shm        tmpfs   defaults        0 0

   Remember to create the directory that you intend to mount tmpfs on
   if necessary (/dev/shm is automagically created if you use devfs).

   This mount is _not_ needed for SYSV shared memory. The internal
   mount is used for that. (In the 2.3 kernel versions it was
   necessary to mount the predecessor of tmpfs (shm fs) to use SYSV
   shared memory)

3) Some people (including me) find it very convenient to mount it
   e.g. on /tmp and /var/tmp and have a big swap partition. And now
   loop mounts of tmpfs files do work, so mkinitrd shipped by most
   distributions should succeed with a tmpfs /tmp.
<unquote>

So it seems that the entry in the LFS fstab doesn't have much of a function 
since LFS uses sysvinit. Perhaps it's an idea to follow point 3 above??

I've been rebooting several times to see the results, everything seems fine 
sans /dev/shm entry and finally I see tmpfs doing something on /tmp

Cheers - Allard

-- 
allard at quicknet.nl
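
The linker warning quoted above comes down to whether the temporary name is chosen and opened in one step. The following is an added example, not part of the original post or of the patch sources: mktemp only returns a name, so the file is opened later, while mkstemp creates it exclusively. All function names and the /tmp/mkstemp-demo-* paths are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern behind the warning: the name was picked earlier (as mktemp does)
 * and is opened without O_EXCL, so an existing file or symlink is reused. */
int open_name_then_create(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* What mkstemp does internally: create exclusively or fail. With O_CREAT,
 * O_EXCL also refuses a symlink at the final path component. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink already sits at the "temporary" name.
 * Returns 1 if the opener created the link's target, 0 if it refused. */
int planted_link_is_followed(int (*opener)(const char *))
{
    char dir[] = "/tmp/mkstemp-demo-XXXXXX";
    char lnk[64], target[64];
    struct stat st;
    int fd, followed;
    if (mkdtemp(dir) == NULL) return -1;      /* private 0700 sandbox */
    snprintf(lnk, sizeof lnk, "%s/patchtmp", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, lnk) != 0) return -1;
    fd = opener(lnk);
    if (fd >= 0) close(fd);
    followed = (stat(target, &st) == 0);      /* did the target appear? */
    unlink(target); unlink(lnk); rmdir(dir);
    return followed;
}

/* mkstemp fills in the name and opens it atomically; report its mode bits. */
int mkstemp_mode(void)
{
    char path[] = "/tmp/mkstemp-demo-XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0 || fstat(fd, &st) != 0) return -1;
    close(fd); unlink(path);
    return st.st_mode & 0777;
}
```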



