Path: utzoo!utgpu!watserv1!watmath!att!pacbell!pacbell.com!ames!uakari.primate.wisc.edu!samsung!uunet!mtndew!friedl
From: friedl@mtndew.UUCP (Stephen J. Friedl)
Newsgroups: comp.bugs.sys5
Subject: Bug in tempnam(3) function
Summary: access(2) should require a license :-(
Message-ID: <433@mtndew.UUCP>
Date: 4 Jun 90 05:24:26 GMT
Organization: VSIFAX Tech Center
Lines: 34

Once again we find another library function that uses access(2)
in the wrong way.  Tempnam(3), called with

	char *tempnam(dir, pfx)
	char	*dir, *pfx;

makes a temp file name in the mentioned directory with the given
prefix and returns it.  If the directory suggested by the user is
not available, /tmp is used as a last resort (although I have
seen /usr/tmp used too).

Imagine writing an lp spooler and the "lp" command takes stdin.
The program might do something like:

	fname = tempname("/usr/lp/temp", "d-");

assuming that the filename will be built in the suggested place.
If the lp command is setgid lp *and* the underlying user cannot
write to /usr/lp/temp (but presumably the lp gid can), the file
will get stuck in /tmp or /usr/tmp.  Now reboot your machine and
watch your print request disappear.

Please, everybody, if you think that access is a handy does-the-
file-exist function you are very wrong, and it's a safe bet that
it does not belong.  Email will get a pretty detailed note on why
access(2) is evil.

     Steve

-- 
Stephen J. Friedl, KA8CMY / Software Consultant / Tustin, CA / 3B2-kind-of-guy
+1 714 544 6561  / friedl@mtndew.Tustin.CA.US  / {uunet,attmail}!mtndew!friedl

"I will defend to your death my right to my opinion" - me