On Wed, 4 Oct 2006 21:37:20 +0200 Sam Ravnborg <sam@xxxxxxxxxxxx> wrote:

> > Subject: kbuild: don't put temp files in the source tree
> > From: Andrew Morton <akpm@xxxxxxxx>
> >
> > http://bugzilla.kernel.org/show_bug.cgi?id=7261 berates us for putting a
> > temporary file into the kernel source tree. Use mktemp.
>
> If my understanding of the sandbox feature is correct then the
> root cause is that we generate a file during a kernel build.
>
> This file is generated in current directory which is
> the output directory during a kernel build.
> When building external modules then we continue to
> keep the original kernel output directory as current directory.
>
> So what is happening is that early during the kernel build we
> evaluate cflags-y resulting in as$$$$.tmp to be generated in
> current directory and that violates the sandbox feature
> of portage/gentoo.
>
> This we have avoided previously by utilising /dev/null but binutils
> has shown bad behaviour in this respect when /dev/null was used
> as output file.
>
> So the proposed patch will work because we utilise $TMP
> but your follow-up patch will fail since you go back to using
> the kernel dir as the place where you store the file.

OK. I'm glad you understand the problem, because I sure didn't (don't).

> I have no good fix for this.
>
> We could use
>
> +ASTMP = $(shell ${TMPDIR:-/tmp}/as$$$$))
> But the resulting security issues I do not understand.
> Obviously there is a risk that we will have PID conflict also,
> but that I consider minimal for a kernel build.
>

mktemp checks that the file doesn't already exist, so the window is fairly
small.

I'll go back to the earlier version, screw /dev/urandom. We only do it once
per build...
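
Review bot: the quoted `+ASTMP` line does not produce a file name as written: `$(shell ...)` runs the path `.../as$$$$` as a command instead of echoing or creating it, the closing parentheses are unbalanced (two closes for one `$(shell`), and `${TMPDIR:-/tmp}` is expanded by make rather than by the shell unless the `$` is doubled. A PID-suffixed name in a shared temporary directory is also predictable and is created with no existence check, which is the case the reply's mktemp remark covers; keeping the mktemp form, for example `$(shell mktemp $${TMPDIR:-/tmp}/as.XXXXXX)`, addresses both the syntax and the collision concern.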
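
What the existence check discussed above buys, as an added example that is not part of the original thread: the file name follows the `as$$$$` scheme from the mail, while the function names, the scratch directory and the pre-existing file are constructed for illustration. `set -C` is included as a second way to get the same check with a fixed name.

```shell
#!/bin/sh
# Added example: three ways to create the assembler probe's temp file.

# PID-derived name opened with a plain redirect: an existing file at that
# path is truncated and reused without any error.
create_pid_name() {
    tmp="$1/as$$.tmp"
    true > "$tmp" || return 1
    printf '%s\n' "$tmp"
}

# Same name, but noclobber (set -C) makes the redirect fail if the path exists.
create_pid_noclobber() {
    tmp="$1/as$$.tmp"
    ( set -C; true > "$tmp" ) 2>/dev/null || return 1
    printf '%s\n' "$tmp"
}

# mktemp picks a random suffix and creates the file exclusively, so it
# never hands back a path that already existed.
create_mktemp() {
    tmp=$(mktemp "$1/as.XXXXXX") || return 1
    printf '%s\n' "$tmp"
}

# Constructed scenario: a private scratch directory stands in for a shared
# $TMPDIR, and "victim" already occupies the PID-derived name.
# Prints clobbered, refused or intact for the creator function named in $1.
run_case() {
    scratch=$(mktemp -d) || return 2
    victim="$scratch/as$$.tmp"
    printf 'data from another build\n' > "$victim"
    if ! got=$("$1" "$scratch"); then
        result=refused
    elif [ "$got" = "$victim" ] || [ ! -s "$victim" ]; then
        result=clobbered
    else
        result=intact
    fi
    rm -rf "$scratch"
    printf '%s\n' "$result"
}

for c in create_pid_name create_pid_noclobber create_mktemp; do
    printf '%-22s %s\n' "$c" "$(run_case "$c")"
done
```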