[kaffe] Re: 'mktemp' check in configure (or kaffe shell script does not work)

[Dalibor Topic]

Helmer Kr=E4mer wrote:
> On Tue, 30 Sep 2003 15:53:33 +0900 (JST)
> Kiyo Inaba <inaba@src.ricoh.co.jp> wrote:
>=20
> Hi,
>=20
>=20
>>I said,
>>
>>>As the subject line says, configure.in version 1.200 introduced existe=
nce check
>>>for 'mktemp' command, but it does not change anything for configure sc=
ript.
>>>This command is used in 'kaffe' shell script and if we don't have mkte=
mp
>>>(well, this is the case for me on Solaris) the final 'kaffe' script do=
es
>>>not work properly if you set debug flag.
>>
>>If we don't do anything while configure for missing mktemp, then I thin=
k
>>this check is not needed anyway. Or, of course we can warn the user whi=
le
>>configure for the missing tool (or, just say 'See FAQ.requiredlibrary').
>=20
>=20
> AFAIK, mktemp is used to generate a unique filename which can
> be used for a small gdb script that's passed via -command to
> gdb. Why do we have to use mktemp here anyways? I think if someone
> wants to debug kaffe, they'll be well able to imagine a unique
> filename and set KAFFE_DEBUG_TEMPFILE accordingly, don't they?

I see two reasons that speak for using mktemp.

a) convenience of use (one you have mktemp installed). you don't need to=20
bother submitting a temp file to the script. you don't need to know why=20
you'd need to submit it.
b) security. mktemp creates secure temp files, where as the old method=20
(let the user pick a file, or worse, use a pseudo random /tmp file) can=20
lead to exploitable security holes. See=20
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D191866

so I'd propose adding an informative warning message to configure.in if=20
mktemp is not found, and documenting it in FAQ.requiredlibrary. On the=20
other hand, if you feel that the manual solution is better, I don't mind=20
if you convert the code back to manual setting of KAFFE_DEBUG_TEMPFILE.

cheers,
dalibor topic