Modify

Opened 9 years ago

Closed 7 years ago

#2325 closed Bugs (fixed)

Use of tmpnam may produce spurious test results

Reported by: dave Owned by: danieljames
Milestone: To Be Determined Component: iostreams
Version: Boost 1.36.0 Severity: Problem
Keywords: Cc:

Description

As described in http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html, tmpnam is subject to race conditions, which makes it especially bad for use in testing when testers are exploiting parallelism via threads or processes. Several files in the library are using tmpnam when they should use mkstemp.

Attachments (0)

Change History (10)

comment:1 Changed 9 years ago by turkanis

  • Status changed from new to assigned

comment:2 Changed 9 years ago by dgregor

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [48922]) CodeGear? C++ fix, from Nicola Musatti. Fixes #2325

comment:3 Changed 9 years ago by dgregor

  • Resolution fixed deleted
  • Status changed from closed to reopened

Oops! Typo in my commit message accidentally closed this bug. Re-opening.

comment:4 Changed 7 years ago by danieljames

  • Milestone changed from Boost 1.37.0 to To Be Determined
  • Owner changed from turkanis to danieljames
  • Status changed from reopened to new

comment:5 Changed 7 years ago by steven_watanabe

Boost.Filesystem v3 has a unique_path function that should work better, as it uses CryptGenRandom? to create the file name.

comment:6 Changed 7 years ago by danieljames

(In [63429]) Use unique_path instead of tmpnam. Refs #2325.

comment:7 Changed 7 years ago by danieljames

(In [63433]) Fix call to unique_path on windows. Refs #2325.

comment:8 Changed 7 years ago by danieljames

(In [63502]) Merge iostreams.

  • New constructors/open for file descriptors. Fixes #3517.
  • Use unique_path instead of tmpnam. Refs #2325.

comment:9 Changed 7 years ago by danieljames

(In [63711]) Use unique_path instead of tmpnam. Refs #2325.

comment:10 Changed 7 years ago by mikhailberis

  • Resolution set to fixed
  • Status changed from new to closed

It looks like this already in trunk. Marking as fixed.

Add Comment

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain danieljames.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.