TUCoPS :: Unix :: General
:: unix5093.htm
Ada compiler /tmp race condition
12th Feb 2002 [SBWID-5093]
COMMAND
Ada compiler /tmp race condition
SYSTEMS AFFECTED
GNAT 3.12p
GNAT 3.13p
GNAT 3.14p
PROBLEM
In Florian Weimer [http://CERT.Uni-Stuttgart.DE/people/fw/] CERT
advisory [2002-02:01] :
The Ada language offers a facility to create named temporary files (see
ISO/IEC 8652:1995, section A.8.5.2). The GNAT run-time library creates
these temporary files in an unsafe way, which can result in exploitable
/tmp race conditions.
In addition, the procedure GNAT.OS_Lib.Create_Temp_File creates the
temporary file in the current directory and does not retry with a
different file name if the generated random file name has come into
existance before the file is opened using O_EXCL.
SOLUTION
The patch below replaces the calls to tmpnam() or mktemp() with ones to
mkstemp(). Of course, this only works on systems where mkstemp() is
available.
Patch for GNAT 3.14p:
http://cert.uni-stuttgart.de/files/fw/gnat-3.14p-mkstemp.diff