Home My Page Projects Code Snippets Project Openings SML/NJ Bugs
Summary Activity Tracker Lists

[#128] Basis spec violation, race condition in OS.Filesys.tmpName()

2014-08-05 18:50
Submitted by:
Bug Submitter (webuser)
Assigned to:
Nobody (None)
Machine Architecture:
Operating System:
Generic Unix
Basis Library
OS Version:
SML/NJ Version:
Basis, runtime, race condition, tmpName, tmpnam
Transcript (of reproduction):
% echo \OS.Process.system (\ls -l \ ^ (OS.FileSys.tmpName ())) ;\ | sml Standard ML of New Jersey v110.76 [built: Tue Aug 5 19:15:55 2014] - [autoloading] [library $SMLNJ-BASIS/basis.cm is stable] [autoloading done] ls: /tmp/tmp.0.oRn8hh: No such file or directory val it = 1 : OS.Process.status -
Source (for reproduction):
OS.Process.system (\ls -l \ ^ (OS.FileSys.tmpName ()))
Basis spec violation, race condition in OS.Filesys.tmpName()

Detailed description
The changelog of the Basis library specification [1] says ...

July 14, 2003
Fixed the semantics of OS.FileSys.tmpName to avoid a race condition.

... which is in line with the security considerations in the man page
of tmpnam [2]. And the (corrected) specification of tmpName [3] is
approximately that of mkstemp [4]:

val tmpName : unit - string

This creates a new empty file with a unique name and returns the full
pathname of the file. The named file will be readable and writable by
the creating process, but, if the host operating systems supports it,
not accessible by other users. This function can be used to create a
temporary file that will not collide with other applications. This
function raises SysErr if it cannot create the unique file or filename.

Unfortunately the current SML/NJ implementation of the tmpName
function [5] in base/runtime/c-libs/posix-os/tmpname.c ...

ml_val_t _ml_OS_tmpname (ml_state_t *msp, ml_val_t arg)
char buf[L_tmpnam];
tmpnam (buf);
return ML_CString (msp, buf);
} /* end of _ml_OS_tmpname */

... obviously dates back to a state of the Basis specification before
the acknowledgement of the race condition of tmpName (when it is
implemented by tmpnam).

[1] http://sml-family.org/Basis/history.html#section:14
[2] http://www.freebsd.org/cgi/man.cgi?query=tmpnammanpath=FreeBSD+10.0-RELEASE#end
[3] http://sml-family.org/Basis/os-file-sys.html#SIG:OS_FILE_SYS.tmpName:VAL
[4] http://www.freebsd.org/cgi/man.cgi?query=mkstempmanpath=FreeBSD+10.0-RELEASE
[5] http://smlnj-gforge.cs.uchicago.edu/scm/viewvc.php/sml/trunk/runtime/c-libs/posix-os/tmpname.c?view=markuproot=smlnj
Additional comments:
After applying the patch below and rebuilding SML/NJ,
tmpName creates a temporary file, which is owned by the
user running sml and only accessible by that user, as
demanded by the Basis library specification:

% echo \OS.Process.system (\ls -l \ ^ (OS.FileSys.tmpName ())) ;\ | sml
Standard ML of New Jersey v110.76 [built: Tue Aug 5 19:51:42 2014]
- [autoloading]
[library $SMLNJ-BASIS/basis.cm is stable]
[autoloading done]
-rw------- 1 me mygroup 0 Aug 5 19:53 /tmp/TMP-SMLNJ.bDy50W
val it = 0 : OS.Process.status

--- base/runtime/c-libs/posix-os/tmpname.c.orig 2000-06-01 20:34:03.000000000 +0200
+++ base/runtime/c-libs/posix-os/tmpname.c 2014-08-04 18:10:55.000000000 +0200
@@ -4,8 +4,11 @@

#include stdio.h
+#include string.h
+#include unistd.h
#include \ml-base.h\
#include \ml-values.h\
+#include \ml-c.h\
#include \ml-objects.h\
#include \cfun-proto-list.h\

@@ -13,9 +16,18 @@
ml_val_t _ml_OS_tmpname (ml_state_t *msp, ml_val_t arg)
- char buf[L_tmpnam];
- tmpnam (buf);
+ char template[] = \/tmp/TMP-SMLNJ.XXXXXX\;
+ char buf[sizeof(template)];
+ int fd;
+ strcpy (buf, template);
+ fd = mkstemp (buf);
+ if (fd == -1)
+ return RAISE_SYSERR(msp, -1);
+ else
+ close (fd);

return ML_CString (msp, buf);

Submitted via web form by Johannes 5 Joemann joemann@beefree.free.de


Message  ↓
Date: 2014-08-17 19:05
Sender: John Reppy

Fixed for 110.77

Attached Files:


Field Old Value Date By
status_idOpen2014-08-17 19:05jhr
summaryBasis spec violation, race condition: base/runtime/c-libs/posix-os/tmpname.c2014-08-17 19:05jhr
close_date2014-08-17 19:052014-08-17 19:05jhr
ResolutionNone2014-08-17 19:05jhr