[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor_compile funnies on RHEL5



On Mon, 7 Jan 2008, Richard Gillman wrote:

When I do a condor_compile on a RHEL5 system, I get
warning: the use of `tmpnam' is dangerous, better use `mkstemp'
warning: the `gets' function is dangerous and should not be used.

These functions are not any more dangerous on RHEL5 than on any other platform -- it's just that you may have not gotten the warnings before.
You will get this warning if anything your program links in calls
tmpnam or gets, you don't have to call it directly in your code.

Tmpnam and gets are both dangerous because they can easily cause buffer
overflows.

I've tried it on two different RHEL5 boxes, both give the same result.
The programs is a loop and a call to "ckpt", and appears to run OK.

Yes, if it worked on another platform it won't suddenly fail on RHEL5 because of these warnings.

I've using the RHEL3 version of 6.8.7 and 6.8.8.
/nerc/packages/condor/6.8.7/rhel3/condor-6.8.7/bin/condor_compile
/packages/condor/6.8.8/rhel3/condor-6.8.8/bin/condor_compile

Should I worry?

Well, ideally yes, you should get rid of the tmpnam and gets calls.
But if they're not in your code (e.g., they're called in a library) there's not much you can do about it.

But as I said, you're not any worse off than you were before -- you just didn't know about the risks until now....

Kent Wenger
Condor Team