cvs commit: src/usr.bin/make job.c
Max Okumoto
okumoto at ucsd.edu
Tue May 17 10:02:34 PDT 2005
Alexander Leidinger wrote:
> Max Okumoto <okumoto at ucsd.edu> wrote:>
>> If I use mkdtemp(), there is a chance that someone with the
>> same UID could race to build the fifo. Do we care about
>> races with ourselves? Or am I just being toooo paranoid? :-)
> Are you sure? mkdtemp() generates a "random" name like mkstemp() does,
> so the race would have existed already before (but the probability is
> very low that two make instances generate the same name)...
>
> Bye,
> Alexander.
Its not a race between two nice programs :-) The function mkdtmp()
creates a uniq directory, but make would then need to create a fifo
in it. (This is two steps, and thus can allow a race)
Assume badmake has same uid, so it can create a file in the uniq
directory. (Of course this means that the bad guy already has
your account.)
Max
Normal pattern:
---------------------
make0: uses mkdtmp() to create dir /tmp/4321
make0: tries to create fifo /tmp/4321
make1: uses mkdtmp() to create dir /tmp/4321 but fails
make1: mkdtmp() next tries to create /tmp/4322 successs
make1: tries to create fifo /tmp/4322
Sort of DOS:
---------------------
make: uses mkdtmp() to create /tmp/1234/
badmake: watches for creation of /tmp/1234/ and
creates /tmp/1234/fifo.
make: tries to create /tmp/1234/fifo fails.
More information about the cvs-src
mailing list