https://sourceware.org/bugzilla/show_bug.cgi?id=29534
Bug ID: 29534
Summary: dllwrap, windres and dlltools use mktemp, which should
be avoided
Product: binutils
Version: 2.39
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: ralf.habacker at freenet dot de
Target Milestone: ---
When compiling binutils cross-support packages under OBS, rpmlint raises the
following issues:
mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/bin/x86_64-w64-mingw32-dllwrap
mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/bin/x86_64-w64-mingw32-windres
mingw64-cross-binutils.x86_64: W: call-to-mktemp
/usr/x86_64-w64-mingw32/bin/dlltool
This executable calls mktemp. As advised by the manpage (mktemp(3)), this
function should be avoided. Some implementations are deeply insecure, and
there is a race condition between the time of check and time of use (TOCTOU).
See http://capec.mitre.org/data/definitions/29.html for details, and contact
upstream to have this issue fixed.
--
You are receiving this mail because:
You are on the CC list for the bug.
