On Wed, Dec 01, 2004 at 11:25:50PM -0500, Michael G Schwern wrote:
>On Thu, Dec 02, 2004 at 01:42:17PM +1100, Brendan O'Dea wrote:
>> --- perl-5.8.4.orig/ext/DB_File/t/db-recno.t 2003-12-28 07:37:53.000000000
>> +1100
>> +++ perl-5.8.4/ext/DB_File/t/db-recno.t 2004-11-07 02:07:29.000000000
>> +1100
>> @@ -1198,7 +1198,7 @@
>>
>> my $testnum = 181;
>> my $failed = 0;
>> -require POSIX; my $tmp = POSIX::tmpnam();
>> +my $tmp = "dbr$$";
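Review bot: in `my $tmp = "dbr$$";` the name is derived only from the PID, so it remains guessable; the change is safer only if the test's working directory is not writable by other users. Nothing visible in this hunk checks for or removes a stale `dbr$$` before the name is used. Consider File::Temp::tempfile with `DIR => '.'`, or at least a comment stating the assumption about the current directory.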
>
>POSIX::tmpnam() is eliminated here...
I believe that all the tests were changed to consistently use the
current directory.
>> --- perl-5.8.4.orig/ext/Devel/PPPort/PPPort.pm 2003-12-15
>> 18:56:37.000000000 +1100
>> +++ perl-5.8.4/ext/Devel/PPPort/PPPort.pm 2004-11-07 02:07:29.000000000
>> +1100
>> @@ -349,13 +349,19 @@
>> }
>>
>> if ($changes) {
>> - open(OUT,">/tmp/ppport.h.$$");
>> + require POSIX; use Fcntl;
>> + for(;;) {
>> + $tmp = POSIX::tmpnam();
>> + sysopen(OUT, $tmp, O_CREAT|O_WRONLY|O_EXCL, 0700) && last;
>> + }
>> +
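Review bot: the `for(;;)` loop around `sysopen(OUT, $tmp, O_CREAT|O_WRONLY|O_EXCL, 0700) && last;` retries on every failure, not only on a name collision, so a full or unwritable temporary directory makes it spin forever. Retry only when `$!{EEXIST}` is set and die on any other error, or cap the number of attempts. Mode 0700 also sets the execute bit on what the removed line shows to be a header file (`ppport.h.$$`); 0600 is enough.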
>
>...but it's added here. Why?
Because /tmp/X.$$ is unsafe due to predictability. tmpnam() suffers
from the same problem, but should be safe to use as patched (i.e. in a
loop with O_EXCL).
File::Temp would be better though.
>> + my ($fh, $tmp) = File::Temp::tempfile(UNLINK => 1);
>> + $fh->print(join("\n", $Inst->files($module)));
>> + $fh->close();
>> + # This used to use -I which is wrong for GNU tar.
>> + system("tar cvf $file -T $tmp");
>> + unlink($tmp);
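Review bot: `system("tar cvf $file -T $tmp");` interpolates both names into a single string that perl may hand to the shell, so whitespace or metacharacters in `$file` change the command that runs; the list form `system('tar', 'cvf', $file, '-T', $tmp)` avoids that. The return values of `$fh->print`, `$fh->close` and `system` are also unchecked, so a short write of the file list would yield an incomplete archive with no error reported.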
>
>I believe that unlink is redundant.
Probably. It's also harmless.
--bod
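
The point made in the reply above about predictable names, O_EXCL and File::Temp, as an added example that is not part of the original message or of the perl patch. It assumes a Unix-like system with symlink support; the sandbox directory and `precious.txt` are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno qw(EEXIST);
use Fcntl qw(O_CREAT O_WRONLY O_EXCL);
use File::Spec;
use File::Temp qw(tempdir tempfile);

# Constructed sandbox: a private directory stands in for a shared /tmp.
my $dir    = tempdir(CLEANUP => 1);
my $target = File::Spec->catfile($dir, 'precious.txt');   # hypothetical file worth protecting
my $guess  = File::Spec->catfile($dir, "ppport.h.$$");    # predictable PID-based name

open(my $t, '>', $target) or die "open $target: $!";
print {$t} "original contents\n";
close($t) or die "close $target: $!";

# Someone else reached the predictable name first and pointed it elsewhere.
symlink($target, $guess) or die "symlink: $!";

# Returns a handle, or undef when the name is already taken. Any other
# error is fatal, so a retry loop built on this cannot spin forever.
sub open_excl {
    my ($path) = @_;
    my $fh;
    return $fh if sysopen($fh, $path, O_CREAT|O_WRONLY|O_EXCL, 0600);
    return undef if $! == EEXIST;
    die "sysopen $path: $!";
}

# With O_EXCL the existing name (even a symlink) is refused, not followed.
my $fh = open_excl($guess);
print defined $fh ? "O_EXCL: opened (unexpected)\n"
                  : "O_EXCL: refused, name already exists\n";

# A plain '>' open follows the link and truncates whatever it points at.
open(my $out, '>', $guess) or die "open $guess: $!";
print {$out} "generated header\n";
close($out) or die "close $guess: $!";
open(my $in, '<', $target) or die "open $target: $!";
print "target now contains: ", scalar <$in>;
close($in);

# File::Temp picks an unpredictable name and creates it exclusively in one step.
my ($tfh, $tname) = tempfile('ppport.XXXXXXXX', DIR => $dir, UNLINK => 1);
print "File::Temp created $tname\n";
```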