Addendum to: Re: LFS 5.0 Patch-2.5.4 Chapt 5 mktemp
allard at nospam.nl
Fri Jan 23 16:12:38 PST 2004
> On Friday 23 January 2004 23:51, jmh wrote:
> > patch.o(.text+0x2d22): In function 'make_temp':...use of
> > mktemp is dangerous, better use 'mkstemp'
> > during make.
> > Is this something to fix or should I just ignore it?
> > jmh
> mktemp and mkstemp do the same thing (both create a unique temporary file)
> except that mkstemp guarantees that no other process can accidentally
> create a file with the same name (very small chance) by opening it for you
> at the same time with 0600 (r/w) permissions. The issue is security
> related. There is a small chance that a malicious hacker will pirate the
> process by substituting a temporary file created in this manner with
> another containing some malicious content. (see chapters_14.html#SEC296 of
> the libc manual).
> Seeing the program I'm working on at the moment is not co-operating,
> perhaps I'll take a look - bit tipsy right now, but I'll try to remember.
> Regards - Allard

Thought I'd do some reading instead. The following is from
linux-2.4.24/Documentation/filesystems/tmpfs.txt as I'm sure you've all
studied diligently:

2) glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
   POSIX shared memory (shm_open, shm_unlink). Adding the following
   line to /etc/fstab should take care of this:

	tmpfs	/dev/shm	tmpfs	defaults	0 0

   Remember to create the directory that you intend to mount tmpfs on
   if necessary (/dev/shm is automagically created if you use devfs).

   This mount is _not_ needed for SYSV shared memory. The internal
   mount is used for that. (In the 2.3 kernel versions it was
   necessary to mount the predecessor of tmpfs (shm fs) to use SYSV

3) Some people (including me) find it very convenient to mount it
   e.g. on /tmp and /var/tmp and have a big swap partition. And now
   loop mounts of tmpfs files do work, so mkinitrd shipped by most
   distributions should succeed with a tmpfs /tmp.

So it seems that the entry in the LFS fstab doesn't have much of a function
since LFS uses sysvinit. Perhaps it's an idea to follow point 3 above??
I've been rebooting several times to see the results, everything seems fine
sans /dev/shm entry and finally I see tmpfs doing something on /tmp
Cheers - Allard
allard at quicknet.nl
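
Added example, not part of the original message and not code from patch or glibc: a small C program showing the difference the quoted reply describes between choosing a name first and letting mkstemp() open the file. The function names and the /tmp/demo-XXXXXX template are constructed for illustration, and a writable /tmp is assumed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkstemp() picks the name and opens the file in one step
 * (O_CREAT|O_EXCL, mode 0600). Returns the permission bits of the
 * file it created, or -1 on error. */
int mkstemp_mode(void)
{
    char path[] = "/tmp/demo-XXXXXX";      /* constructed template */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int rc = fstat(fd, &st);
    unlink(path);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Models the gap mktemp() leaves: the name is already fixed, and a file
 * created by someone else exists at that name before we open it.
 * Returns 0 if our open() accepted the foreign file, the errno value if
 * it was refused, or -1 if the setup itself failed. */
int open_preexisting(int extra_flags)
{
    char path[] = "/tmp/demo-XXXXXX";
    int fd = mkstemp(path);                 /* stands in for the other process */
    if (fd < 0)
        return -1;
    close(fd);
    fd = open(path, O_RDWR | O_CREAT | extra_flags, 0600);
    int result = (fd >= 0) ? 0 : errno;
    if (fd >= 0)
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("mkstemp() file mode: %o\n", mkstemp_mode());
    printf("open, no O_EXCL, name taken: %d (0 = foreign file used)\n", open_preexisting(0));
    printf("open, O_EXCL, name taken: %d (EEXIST = %d)\n", open_preexisting(O_EXCL), EEXIST);
    return 0;
}
```
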