|
Home About Us A-Z Index Search * Contact Us Register Login Press ShopThe Open Brand -- Problem Reporting and Interpretations System |
Problem Report 0338 Details Show help | Quick Search | Submit a Test Suite Support Request | Click here to view your privileges
This page provides all information on Problem Report 0338.
Report 0338 Actions
Problem Report Number 0338 Submitter's Classification Specification problem State Resolved Resolution Permanent Interpretation (PIN) Problem Resolution ID PIN.X.0054 Raised 1995-12-07 08:00 Updated 2003-03-13 08:00 Published 1995-12-14 08:00 Product Standard Internationalised System Calls and Libraries (XPG4) Certification Program The Open Brand certification program Test Suite VSX4 version 4.3.5 Test Identification ANSI.os/streamio/tmpfile 2 Specification System Interfaces and Headers Issue 4 Location in Spec See Problem Text Problem Summary PIN4.054 The test asserts the mode of a file whose name is visible only between an open() and an immediate unlink() . Our implementation restricts the mode so as to close a possible security hole. The attached... Problem Text
The test asserts the mode of a file whose name is visible
only between an open() and an immediate unlink() . Our implementation
restricts the mode so as to close a possible security hole.
The attached IEEE POSIX 1003.1-90 Interpretation indicates that our
behaviour is conforming and that there
is a contradiction between the Test methods standard and the Base
standard.
_____________________________________________________________________________
(c) 1995 by the Institute of Electrical and Electronics Engineers Inc.
All Rights Reserved. Not to be published in full or in part
without prior written permission from the IEEE.
PASC Interpretation reference
1003.1-90 #74
_____________________________________________________________________________
Interpretation Number: XXXX
Topic: tmpfile
Relevant Sections: 8.2.3.9
Classification:
Interpretation Request:
-----------------------
This is a request for interpretation of IEEE standard 1003.1-1990 (ISO
9945-1:1990)
Section 8.2.3.9 tmpfile(), line 398-399 describes the tmpfile()
function as "tmpfile() shall allocate a file descriptor as fopen() does".
The fopen() descriptions states "The fopen() function shall allocate
a file descriptor as open() does".
Many common implementations return a file descriptor for an unlinked file.
Is it conforming for tmpfile() to call open() with a mode of zero, so
that the temporary file created in the file namespace prior to
unlinking be protected from access by other users ?
POSIX 2003.1 has an assertion 8.2.3.9-05(B) that would say
that it is not conforming; the assertion states:
"When a call to tmpfile() creates a file, then the file permission bits
are set to allow both reading and writing for owner, for group, and
for other users except for those bits set in the process's file mode
creation mask. No execute (search) permission bits are set. The user
ID of the file is set to the process's effective user ID and the group
ID of the file is set to the process's effective group ID or to the
group owner of its parent directory."
This assertion relates to the references between tmpfile() -> fopen() -> open().
It appears to us that this requirement is beyond the specification in
P1003.1 for tmpfile() which is to allocate a file descriptor and that this
requirement in P2003.1 should be noted as incorrect.
IEEE Interpretation for 1003.1-1990 (1003.1-90 #74)
-----------------------------------
Yes it is conforming. The standard clearly does not require a
particular implementation of tmpfile(), just that
a file descriptor be allocated.
This is a conflict between the P1003.1 base standard and the P2003.1
test method standard. The test method standard clearly indicates that a
conforming test suite is required to test this, however the base
standard indicates that a conforming implementation may fail such a test.
This situation is being referred to the sponsor(s).
Rationale for Interpretation:
-----------------------------
None.
Forwarded to Interpretation group: Aug 30 1995
Resolution forwarded for review: Oct 18 1995
Finalised: Nov 21 1995Test Output
************************************************************************
/tset/ANSI.os/streamio/tmpfile/T.tmpfile 2 Failed
Test Description:
When a call to tmpfile() creates a file, then the file permission bits
are set to allow both reading and writing for owner, for group, and
for other users except for those bits set in the process's file mode
creation mask. No execute (search) permission bits are set. The user
ID of the file is set to the process's effective user ID and the group
ID of the file is set to the process's effective group ID or to the
group owner of its parent directory
Posix Ref: Component TMPFILE Assertion 8.2.3.9-05(B)
Test Strategy:
CREATE child process
EXECUTE new program
SUBPROGRAM:
CREATE a temporary file using tmpfile()
OBTAIN file descriptor for stream using fileno()
VERIFY mode and owner of file are as expected, using fstat()
CLOSE stream using fclose()
RESET the file creation mask
CREATE a temporary file using tmpfile()
OBTAIN file descriptor for stream using fileno()
SET all bits in the file protection mask for this process
VERIFY mode and owner of file are as expected, using fstat()
CLOSE stream using fclose()
Test Information:
tmpfile() did not creat file with mode 0666 when umask was set to 0,
found 0
************************************************************************
Review Information
Review Type TSMA Review Start Date null Completed null Status Complete Review Recommendation No Resolution Given Review Response
In the light of the interpretation of the IEEE 1003.1 standard it is recommended
that a permanent interpretation is granted.
Review Type SA Review Start Date null Completed null Status Complete Review Resolution Permanent Interpretation (PIN) Review Conclusion
A Permanent Interpretation is granted.
Problem Reporting System Options:
- View Report 0338
- List All PRs
- Search Reports
- Email the System Administrator
- View the The Open Brand Interpretations Database User Manual
Contact the Certification Authority