On Jan 9, 2008 1:34 PM, R. Kent Wenger <
wenger@xxxxxxxxxxx> wrote:
On Mon, 7 Jan 2008, Richard Gillman wrote:
> When I do a condor_compile on a RHEL5 system, I get
> warning: the use of `tmpnam' is dangerous, better use `mkstemp'
> warning: the `gets' function is dangerous and should not be used.
These functions are not any more dangerous on RHEL5 than on any other
platform -- it's just that you may have not gotten the warnings before.
You will get this warning if anything your program links in calls
tmpnam or gets, you don't have to call it directly in your code.
Tmpnam and gets are both dangerous because they can easily cause buffer
overflows.
> I've tried it on two different RHEL5 boxes, both give the same result.
> The programs is a loop and a call to "ckpt", and appears to run OK.
Yes, if it worked on another platform it won't suddenly fail on RHEL5
because of these warnings.
> I've using the RHEL3 version of 6.8.7 and 6.8.8.
> /nerc/packages/condor/6.8.7/rhel3/condor-
6.8.7/bin/condor_compile
> /packages/condor/6.8.8/rhel3/condor-6.8.8/bin/condor_compile
>
> Should I worry?
Well, ideally yes, you should get rid of the tmpnam and gets calls.
But if they're not in your code (
e.g., they're called in a library)
there's not much you can do about it.
But as I said, you're not any worse off than you were before -- you just
didn't know about the risks until now....
Kent Wenger
Condor Team
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx
with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}