From citrin@mf1.rambler.ru  Thu Jan 25 17:39:11 2007
Return-Path: <citrin@mf1.rambler.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 92B1F16A402
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 25 Jan 2007 17:39:11 +0000 (UTC)
	(envelope-from citrin@mf1.rambler.ru)
Received: from mf1.rambler.ru (mf1.rambler.ru [81.19.66.146])
	by mx1.freebsd.org (Postfix) with ESMTP id 20FD813C45A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 25 Jan 2007 17:39:10 +0000 (UTC)
	(envelope-from citrin@mf1.rambler.ru)
Received: from mf1.rambler.ru (localhost [127.0.0.1])
	by mf1.rambler.ru (8.13.8/8.13.8) with ESMTP id l0PHQtZn032733
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 25 Jan 2007 20:26:55 +0300 (MSK)
	(envelope-from citrin@mf1.rambler.ru)
Received: (from citrin@localhost)
	by mf1.rambler.ru (8.13.8/8.13.8/Submit) id l0PHQtMF032732;
	Thu, 25 Jan 2007 20:26:55 +0300 (MSK)
	(envelope-from citrin)
Message-Id: <200701251726.l0PHQtMF032732@mf1.rambler.ru>
Date: Thu, 25 Jan 2007 20:26:55 +0300 (MSK)
From: Anton Yuzhaninov <citrin@rambler-co.ru>
Reply-To: Anton Yuzhaninov <citrin@rambler-co.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: tmpnam(3) should note that that TMPDIR env may be ignored
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         108346
>Category:       docs
>Synopsis:       [patch] tmpnam(3) should note that that TMPDIR env may be ignored
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 25 17:40:21 GMT 2007
>Closed-Date:    Fri Mar 23 21:03:50 GMT 2007
>Last-Modified:  Fri Mar 23 21:03:50 GMT 2007
>Originator:     Anton Yuzhaninov
>Release:        FreeBSD 6.2-RELEASE amd64
>Organization:
Rambler
>Environment:
>Description:
tmpnam(3) should note that that tmpfile() ignore TMPDIR environment variable if
issetugid(3) return non zero.
>How-To-Repeat:
>Fix:

Anything like this:

--- lib/libc/stdio/tmpnam.3.orig        Thu Jan 25 20:02:50 2007
+++ lib/libc/stdio/tmpnam.3     Thu Jan 25 20:19:59 2007
@@ -156,6 +156,16 @@
 .Dv NULL
 pointer
 on error.
+.Sh ENVIRONMENT
+The
+.Fn tmpfile
+ignores the
+.Ev TMPDIR
+environment variable if process created as a result of an
+.Xr execve 2
+system call which had either of the setuid or setgid bits set (and extra
+privileges were given as a result) or if it has changed any of its real,
+effective or saved user or group ID's since it began execution.
 .Sh COMPATIBILITY
 These interfaces are provided from System V and
 .Tn ANSI
@@ -228,7 +238,8 @@
 the FSA.)
 .Sh SEE ALSO
 .Xr mkstemp 3 ,
-.Xr mktemp 3
+.Xr mktemp 3 ,
+.Xr issetugid 2
 .Rs
 .%T "The FreeBSD Security Architecture"
 .Re
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Fri Mar 16 21:46:46 UTC 2007 
State-Changed-Why:  
Fixed in HEAD.  Thanks for the report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=108346 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/108346: commit references a PR
Date: Fri, 16 Mar 2007 21:46:32 +0000 (UTC)

 maxim       2007-03-16 21:46:24 UTC
 
   FreeBSD src repository
 
   Modified files:
     lib/libc/stdio       tmpnam.3 
   Log:
   o Add ENVIRONMENT section and mention there that TMPDIR is ignored
   when issetugid(3) is true.
   
   PR:             docs/108346
   Obtained from:  OpenBSD
   MFC after:      1 week
   
   Revision  Changes    Path
   1.20      +14 -1     src/lib/libc/stdio/tmpnam.3
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Fri Mar 23 21:03:30 UTC 2007 
State-Changed-Why:  
Merged to RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=108346 
>Unformatted:
