Bug 44

Summary: Can't pass KRB4 TGT on RH7.2 due to glibc mkstemp
Product: Portable OpenSSH Reporter: Jan Iven <jan.iven>
Component: Build systemAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal CC: ksulliva
Priority: P2    
Version: -current   
Hardware: All   
OS: Linux   
Attachments:
Description Flags
patch to allow configure to detect an overly strict mkstemp() none

Description Jan Iven 2001-12-14 21:55:42 AEDT 
GNU glibc mkstemp fails if no "replacable" pattern of XXes is in the template
strings. The openbsd-compat one happily goes ahead.

on RH7.2 configure finds a working mkstemp() and disables use of the
openbsd-compat one.

Problem shows up in the mkstemp() call in auth-krb4.c:70 , which gets passed a
fixed string for the KRB4 TGT file and returns a runtime error
Comment 1 Damien Miller 2002-05-13 15:39:17 AEST 
Have you filed a bug in the glibc bug tracking system?

BTW, how did you compile with krb4 on Redhat 7.2 without running over libdes
conflicts?
Comment 2 Jan Iven 2002-05-13 19:50:21 AEST 
the "XXXX" for glibc mkstemp behaviour is as documented in their man page
("...The last six characters  of  template must  be  XXXXXX and these are
replaced with a string that makes the filename unique..."). I see no "bug" in
there, but if you think that this should get reported, I will.

As to the libdes problem -- we have krb4 recompiled against openssl. Mail me
directly if you need the spec file/SRPM.
Comment 3 Jan Iven 2002-07-05 01:11:11 AEST 
Update: I have reported this to the glibc people, who say that they will not
modify their mkstemp().
(http://bugs.gnu.org/cgi-bin/gnatsweb.pl?debug=&database=default&cmd=view+audit-trail&cmd=view&pr=3573)

Attached is a patch to configure{ac,in} to detect this and force using the
bsd_compat functions.
Comment 4 Jan Iven 2002-07-05 01:12:29 AEST 
Created attachment 129 [details]
patch to allow configure to detect an overly strict mkstemp()
Comment 5 Damien Miller 2003-01-07 15:18:49 AEDT 
Applied - thanks. I have no idea why it too me so long...
Comment 6 Damien Miller 2003-03-13 09:43:18 AEDT 
*** Bug 508 has been marked as a duplicate of this bug. ***
Comment 7 Damien Miller 2004-04-14 12:24:17 AEST 
Mass change of RESOLVED bugs to CLOSED