COMMAND

Ada compiler /tmp race condition

SYSTEMS AFFECTED

GNAT 3.12p
GNAT 3.13p
GNAT 3.14p

PROBLEM

In Florian Weimer [http://CERT.Uni-Stuttgart.DE/people/fw/] CERT advisory [2002-02:01]:

The Ada language offers a facility to create named temporary files (see ISO/IEC 8652:1995, section A.8.5.2). The GNAT run-time library creates these temporary files in an unsafe way, which can result in exploitable /tmp race conditions.

In addition, the procedure GNAT.OS_Lib.Create_Temp_File creates the temporary file in the current directory and does not retry with a different file name if the generated random file name has come into existence before the file is opened using O_EXCL.

SOLUTION

The patch below replaces the calls to tmpnam() or mktemp() with ones to mkstemp(). Of course, this only works on systems where mkstemp() is available.

Patch for GNAT 3.14p:

http://cert.uni-stuttgart.de/files/fw/gnat-3.14p-mkstemp.diff
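
The exclusive-create-and-retry pattern that mkstemp() applies, and that the advisory says GNAT.OS_Lib.Create_Temp_File lacks, shown as an added C example (not code from the advisory or from the GNAT patch). The function names, the demo-*.tmp naming scheme and the scratch directory under /tmp are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700           /* for mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create a temp file in dir with no gap between picking a name and opening
 * it. O_CREAT|O_EXCL makes open() fail with EEXIST if the name exists
 * (a dangling symlink counts as existing); the loop then tries another
 * name instead of giving up. Names come from a counter so the demo is
 * reproducible (an assumption here); mkstemp() does this with random names. */
int temp_excl_retry(const char *dir, unsigned start, char *path, size_t len)
{
    for (unsigned i = 0; i < 100; i++) {
        snprintf(path, len, "%s/demo-%08x.tmp", dir, start + i);
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)        /* real error: stop, do not loop */
            return -1;
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: the first candidate name is already occupied by a
 * symlink pointing at "victim". Returns 1 if the loop skipped that name
 * and the link's target was never created. */
int demo_skips_occupied_name(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", taken[64], victim[64], got[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(taken, sizeof taken, "%s/demo-%08x.tmp", dir, 7u);
    if (symlink(victim, taken) != 0) return 0;
    int fd = temp_excl_retry(dir, 7u, got, sizeof got);
    int ok = fd >= 0 && strcmp(got, taken) != 0 && access(victim, F_OK) != 0;
    if (fd >= 0) { close(fd); unlink(got); }
    unlink(taken); rmdir(dir);
    return ok;
}

int main(void)
{
    puts(demo_skips_occupied_name() ? "occupied name skipped" : "FAILED");
    return 0;
}
```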