Modify

Ticket #2325 (closed Bugs: fixed)

Opened 6 years ago

Last modified 3 years ago

Use of tmpnam may produce spurious test results

Reported by: dave Owned by: danieljames
Milestone: To Be Determined Component: iostreams
Version: Boost 1.36.0 Severity: Problem
Keywords: Cc:

Description

As described in  http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html, tmpnam is subject to race conditions, which makes it especially bad for use in testing when testers are exploiting parallelism via threads or processes. Several files in the library are using tmpnam when they should use mkstemp.

Attachments

Change History

comment:1 Changed 6 years ago by turkanis

  • Status changed from new to assigned

comment:2 Changed 6 years ago by dgregor

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [48922]) CodeGear? C++ fix, from Nicola Musatti. Fixes #2325

comment:3 Changed 6 years ago by dgregor

  • Status changed from closed to reopened
  • Resolution fixed deleted

Oops! Typo in my commit message accidentally closed this bug. Re-opening.

comment:4 Changed 4 years ago by danieljames

  • Owner changed from turkanis to danieljames
  • Status changed from reopened to new
  • Milestone changed from Boost 1.37.0 to To Be Determined

comment:5 Changed 4 years ago by steven_watanabe

Boost.Filesystem v3 has a unique_path function that should work better, as it uses CryptGenRandom? to create the file name.

comment:6 Changed 4 years ago by danieljames

(In [63429]) Use unique_path instead of tmpnam. Refs #2325.

comment:7 Changed 4 years ago by danieljames

(In [63433]) Fix call to unique_path on windows. Refs #2325.

comment:8 Changed 4 years ago by danieljames

(In [63502]) Merge iostreams.

  • New constructors/open for file descriptors. Fixes #3517.
  • Use unique_path instead of tmpnam. Refs #2325.

comment:9 Changed 4 years ago by danieljames

(In [63711]) Use unique_path instead of tmpnam. Refs #2325.

comment:10 Changed 3 years ago by mikhailberis

  • Status changed from new to closed
  • Resolution set to fixed

It looks like this already in trunk. Marking as fixed.

View

Add a comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
The resolution will be deleted. Next status will be 'reopened'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.