[sane-devel] [Janitorial] Zero(!) compiler warnings

ABC abc at telekom.ru
Fri Sep 23 10:00:53 UTC 2016


On Thu, Sep 22, 2016 at 11:09:03PM +0900, Olaf Meeuwissen wrote:
> > What should mktemp() be replaced with? Will there be a sanei function to
> > drop-in replace it?
> 
> The mktemp(3) manual page suggests mkstemp (POSIX.1-2001, not in C99).
> That is used by the bh and pieusb backends.  You can also use tmpfile
> (POSIX.1-2001, POSIX.1-2008 and in C99), which is what I used in my patch
> for the avision backend (not pushed yet).

I feared that mkstemp and tmpfile are not available on all platforms 
supported by sane-backends.

> I wasn't thinking of providing a sanei function for this.

I think, if many libc authors weren't able to design and implement a good
enough mktemp() on the first attempt, how could the average sane
contributor be expected to do better? Just saying 'do not use mktemp' can
produce even worse results (see below).

> Note that mktemp() only creates a file*name* so the O_EXCL is not an
> issue then and calling fopen() or open() isn't subject to this flag
> unless passed explicitly.  Child processes inherit non-exclusive open
> file descriptors.

The main security problem with mktemp is the chance of opening a
pre-created file, the impact of which could be mitigated by open() with
the O_EXCL flag. (Or fopen() with the "x" flag, but again I don't know how
portable it is.) In that regard, mktemp() cannot be worse than opening a
static filename, as pieusb_specific.c, avision.c, canon630u-common.c,
pnm.c and xerox_mfp.c are currently doing.

-abc
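
The behaviour discussed in this message, as an added example (not code from sane-backends or from the poster): it contrasts opening a fixed name, which silently reuses a pre-created file, with open() using O_CREAT|O_EXCL and with mkstemp(). The helper names and the /tmp template are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Create path only if it does not exist yet. O_EXCL makes open() fail with
 * EEXIST for a pre-created file, and POSIX also makes it fail when the last
 * path component is a symlink, so nothing planted earlier is ever opened. */
static int open_new_only(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* The pattern the message warns about: a fixed name opened without O_EXCL
 * silently reuses (and truncates) whatever already sits at that path. */
static int open_static_name(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Returns 0 when every step behaves as described, else the failing step. */
static int demo(void)
{
    char path[] = "/tmp/sane-demo-XXXXXX";  /* constructed sample template */
    int fd = mkstemp(path);                 /* name chosen and opened atomically */
    if (fd < 0) return 1;
    close(fd);                              /* file now plays the pre-created role */

    fd = open_static_name(path);            /* succeeds: opens the planted file */
    if (fd < 0) { unlink(path); return 2; }
    close(fd);

    errno = 0;
    fd = open_new_only(path);               /* must be refused with EEXIST */
    if (fd >= 0 || errno != EEXIST) { if (fd >= 0) close(fd); unlink(path); return 3; }

    unlink(path);
    fd = open_new_only(path);               /* name is free now, creation works */
    if (fd < 0) return 4;
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    return demo();  /* exit status 0 means all steps behaved as described */
}
```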



