Opened 14 years ago

Closed 12 years ago

#2325 closed Bugs (fixed)

Use of tmpnam may produce spurious test results

Reported by: Dave Abrahams Owned by: Daniel James
Milestone: To Be Determined Component: iostreams
Version: Boost 1.36.0 Severity: Problem
Keywords: Cc:

Description

As described in http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html, tmpnam is subject to race conditions, which makes it especially bad for use in testing when testers are exploiting parallelism via threads or processes. Several files in the library are using tmpnam when they should use mkstemp.

Change History (10)

comment:1 by Jonathan Turkanis, 14 years ago

Status: newassigned

comment:2 by Douglas Gregor, 14 years ago

Resolution: fixed
Status: assignedclosed

(In [48922]) CodeGear C++ fix, from Nicola Musatti. Fixes #2325

comment:3 by Douglas Gregor, 14 years ago

Resolution: fixed
Status: closedreopened

Oops! Typo in my commit message accidentally closed this bug. Re-opening.

comment:4 by Daniel James, 13 years ago

Milestone: Boost 1.37.0To Be Determined
Owner: changed from Jonathan Turkanis to Daniel James
Status: reopenednew

comment:5 by Steven Watanabe, 12 years ago

Boost.Filesystem v3 has a unique_path function that should work better, as it uses CryptGenRandom to create the file name.

comment:6 by Daniel James, 12 years ago

(In [63429]) Use unique_path instead of tmpnam. Refs #2325.

comment:7 by Daniel James, 12 years ago

(In [63433]) Fix call to unique_path on windows. Refs #2325.

comment:8 by Daniel James, 12 years ago

(In [63502]) Merge iostreams.

  • New constructors/open for file descriptors. Fixes #3517.
  • Use unique_path instead of tmpnam. Refs #2325.

comment:9 by Daniel James, 12 years ago

(In [63711]) Use unique_path instead of tmpnam. Refs #2325.

comment:10 by Dean Michael Berris, 12 years ago

Resolution: fixed
Status: newclosed

It looks like this already in trunk. Marking as fixed.

Note: See TracTickets for help on using tickets.