Dangerous behaviour of mktemp when unknown flags are used

John Spencer maillist-busybox at barfooze.de
Tue Apr 10 02:24:24 UTC 2012


(this is busybox 1.19.2)

/src/build/zlib-1.2.6/Makefile:tempfile := $(shell mktemp -u __XXXXXX)


mktemp: illegal option: u
BusyBox v1.19.2 (2012-04-08 20:17:39 GMT) multi-call binary.

Usage: mktemp [-dt] [-p DIR] [TEMPLATE]

....

zlib's Makefile uses mktemp -u without testing if it returns a result and 
then happily uses the variable to delete and create stuff.

I don't think it's a good idea that the binary doesn't ignore (or only 
warn about the wrong config on stderr) and still return some usable 
string to the caller.


        -u, --dry-run
               do not create anything; merely print a name (unsafe)


I don't think that option is hard to add btw, would probably only 
involve about 5 LOC.

--JS
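
Added example, not part of the original mail and not zlib or BusyBox code: the unchecked pattern the mail describes beside a guarded caller that refuses to continue when mktemp rejects -u. The function names, the ".c" suffix and the exit status 1 of the failing stand-in are assumptions; both mktemp stand-ins are constructed.

```shell
#!/bin/sh
# Constructed stand-ins for the two mktemp behaviours (not real binaries).
# mktemp_no_u mimics the error text in the mail; exit status 1 is an assumption.
mktemp_no_u() { echo "mktemp: illegal option: u" >&2; return 1; }
mktemp_ok()   { echo "__a1B2c3"; }

# Unguarded pattern: the result is used without any check. make's $(shell ...)
# discards the exit status, modelled here with '|| :'. Prints the path a later
# rm or redirect would act on (the ".c" suffix is hypothetical).
unguarded_target() {
    tempfile=$("$1" -u __XXXXXX 2>/dev/null) || :
    printf '%s\n' "${tempfile}.c"
}

# Guarded pattern: succeed only if the command exited 0 and printed a name
# that starts with the template's fixed prefix and contains no slash.
safe_tempname() {
    cmd=$1
    template=$2
    name=$("$cmd" -u "$template" 2>/dev/null) || return 1
    prefix=${template%%X*}
    case "$name" in
        "")          return 1 ;;
        */*)         return 1 ;;
        "$prefix"?*) printf '%s\n' "$name" ;;
        *)           return 1 ;;
    esac
}

# Demo: the caller stops instead of carrying on with an empty variable.
for impl in mktemp_ok mktemp_no_u; do
    if name=$(safe_tempname "$impl" __XXXXXX); then
        echo "$impl: using $name"
    else
        echo "$impl: no usable name, stopping before any rm/create" >&2
    fi
done
```

With the failing stand-in, unguarded_target yields ".c", a path with no random component at all, while safe_tempname returns non-zero so the caller can abort.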

