RUS-CERT Advisory 2002-02:01 – Temporary file handling in GNATThe run-time library of the GNU Ada compiler (GNAT) handles temporary files in an unsafe manner.
All POSIX multi-user systems running GNAT-compiled binaries which use Ada language facilities for creating temporary files are affected. The following GNAT versions are known to have this defect:
- GNAT 3.12p
- GNAT 3.13p
- GNAT 3.14p
- GNAT in GCC 3.1 on platforms other than GNU/Linux
(The unreleased version of GNAT in the GCC 3.2 CVS fixes this security defect for GNU/Linux, but introduces another one. Its use is strongly discouraged until this problem has been addressed.)
Local, interactive access is usually required to exploit this vulnerability.
The impact depends on the application creating the temporary file. It ranges from temporary to permanent denial of service, from data eavesdropping to system compromise.
/tmp race condition
The Ada language offers a facility to create named temporary files (see ISO/IEC 8652:1995, section A.8.5.2). The GNAT run-time library creates these temporary files in an unsafe way, which can result in exploitable
/tmp race conditions.
In addition, the procedure
GNAT.OS_Lib.Create_Temp_File creates the temporary file in the current directory and does not retry with a different file name if the generated random file name has come into existance before the file is opened using
The patch below replaces the calls to
mktemp() with ones to
mkstemp(). Of course, this only works on systems where
mkstemp() is available.
- Patch for GNAT 3.14p (Patch not available anymore)
Unfortunately, more substantial changes are required for previous versions of GNAT.
Ada Core Technologies was contacted on 2000-04-16.
is the Computer Emergency Response Team located at the Computing Center (RUS) of the University of Stuttgart, Germany.
2001-05-18: Added information on GCC 3.1.