Ada compiler /tmp race condition
12th Feb 2002 [SBWID-5093]

	Ada compiler /tmp race condition


	 GNAT 3.12p

	 GNAT 3.13p

	 GNAT 3.14p



	In   Florian   Weimer   [http://CERT.Uni-Stuttgart.DE/people/fw/]   CERT
	advisory [2002-02:01] :

	The Ada language offers a facility to create named temporary files  (see
	ISO/IEC 8652:1995, section A.8.5.2). The GNAT run-time  library  creates
	these temporary files in an unsafe way, which can result in  exploitable
	/tmp race conditions.

	In addition,  the  procedure  GNAT.OS_Lib.Create_Temp_File  creates  the
	temporary file in the current  directory  and  does  not  retry  with  a
	different file name if the generated random  file  name  has  come  into
	existance before the file is opened using O_EXCL.


	The patch below replaces the calls to tmpnam() or mktemp() with ones  to
	mkstemp(). Of course, this only works  on  systems  where  mkstemp()  is

	Patch for GNAT 3.14p:


