bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/29534] New: dllwrap, windres and dlltools use mktemp, whic


From: ralf.habacker at freenet dot de
Subject: [Bug binutils/29534] New: dllwrap, windres and dlltools use mktemp, which should be avoided
Date: Mon, 29 Aug 2022 10:39:43 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=29534

            Bug ID: 29534
           Summary: dllwrap, windres and dlltools use mktemp, which should
                    be avoided
           Product: binutils
           Version: 2.39
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: ralf.habacker at freenet dot de
  Target Milestone: ---

When compiling binutils cross-support packages under OBS, rpmlint raises the
following issues:

mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/bin/x86_64-w64-mingw32-dllwrap
mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/bin/x86_64-w64-mingw32-windres
mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/x86_64-w64-mingw32/bin/dlltool
This executable calls mktemp. As advised by the manpage (mktemp(3)), this
function should be avoided. Some implementations are deeply insecure, and
there is a race condition between the time of check and time of use (TOCTOU).
See http://capec.mitre.org/data/definitions/29.html for details, and contact
upstream to have this issue fixed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]