
libirml.x86_64 calls mktemp. mkstemp is preferred

Open mysticrecords opened this issue 1 year ago • 6 comments

When building packages, 1 warning is reported:

[   73s] RPMLINT report:
[   73s] ===============
[   73s] libirml1.x86_64: W: call-to-mktemp /usr/lib64/libirml.so.1
[   73s] This executable calls mktemp. As advised by the manpage (mktemp(3)), this
[   73s] function should be avoided. Some implementations are deeply insecure, and
[   73s] there is a race condition between the time of check and time of use (TOCTOU).
[   73s] See http://capec.mitre.org/data/definitions/29.html for details, and contact
[   73s] upstream to have this issue fixed.
[   73s] 
[   73s] 7 packages and 0 specfiles checked; 0 errors, 1 warnings.

mkstemp is preferred.

mysticrecords avatar Nov 17 '23 08:11 mysticrecords
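The check/use gap named in the rpmlint warning above, as an added C example that is not part of the original issue and is not oneTBB code. The helper names and the `mkstemp_demo_` file prefix are made up for illustration; the existing file stands in for one that appears after `mktemp()` has returned its "unused" name.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkstemp(3) picks the name and creates the file with O_CREAT|O_EXCL in one
 * step, so there is no window between "name is unused" and "file is opened".
 * Returns an open descriptor, or -1 with errno set. */
int create_private_temp(char *path, size_t len) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    int n = snprintf(path, len, "%s/mkstemp_demo_XXXXXX", dir); /* constructed name */
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(path); /* rewrites XXXXXX in place */
}

/* Permission bits of an open descriptor, or -1 on error. */
int fd_mode(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Replays the mktemp() pattern's second half on a name that already exists
 * (as if another process created it after the uniqueness check).
 * Bit 0: a plain open() silently accepted the existing file.
 * Bit 1: an O_EXCL open() refused it with EEXIST. */
int probe_existing_name(const char *path) {
    int result = 0;
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) { result |= 1; close(fd); }
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    return result;
}

int main(void) {
    char path[4096];
    int fd = create_private_temp(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s mode %o probe=%d\n", path, (unsigned)fd_mode(fd), probe_existing_name(path));
    close(fd);
    unlink(path);
    return 0;
}
```

A plain `open()` on a name obtained from `mktemp()` behaves like the bit 0 case; `mkstemp()` performs the exclusive create itself and returns the descriptor rather than a name to be opened later.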

Could you please clarify what version of TBB you are building? And in what environment?

pavelkumbrasev avatar Nov 17 '23 13:11 pavelkumbrasev

@pavelkumbrasev

Current master:

https://github.com/oneapi-src/oneTBB/blob/f71c92ae4a36c9ae4ebb85c81276ae287fc6fdc6/python/rml/ipc_server.cpp#L171-L172

phprus avatar Nov 17 '23 13:11 phprus

I know we still have the RML code base for Python distributions. I want to clarify when and how this problem appears.

pavelkumbrasev avatar Nov 17 '23 13:11 pavelkumbrasev

> Could you please clarify what version of TBB you are building? And in what environment?

Yeah, of course. It is version 2021.10, and I am building in an openSUSE Leap 15.5 environment.

mysticrecords avatar Nov 20 '23 09:11 mysticrecords

@pavelkumbrasev is this issue still relevant?

arunparkugan avatar Aug 13 '24 08:08 arunparkugan

Yes, the issue is still relevant. However, a community contribution with the fix is preferred.

pavelkumbrasev avatar Aug 13 '24 11:08 pavelkumbrasev