
Re: [DebianGIS] GRASS 6.0.1 for sarge and on-going work...



> > > > I notice that the new 6.0.1 grass package is missing the
> > > > r.terraflow module (configure --with-cxx). 
> > > 
> > > There is a --without-cxx later on that overrides it. This was to
> > > prevent it building due to the tmp file security problem which is
> > > maybe fixed now(?). Just need to remove that and it should work.

Oh, sorry, I didn't scan far enough down to see that.

> > Eh, better to check it. I downloaded 6.0.1-1 with --with-cxx
> > enabled, looking into the issue...
> 
> Well, as already pointed out by Hamish previously,
> raster/r.terraflow/IOStream/lib/src/ami_stream.cc uses mkstemp() to
> atomically create a temporary file under /var/tmp, so that issue is a
> non-one currently.

Yes. There are no insecure tmp files in GRASS that I know of now.


> That code needs also some refinement, due to wide use of deprecated
> sprintf(). AFAIK, but for snprintf(), GRASS has its own G_asprintf()
> which is also better and portable. But that's an upstream issue
> anyway...

.. one that gives me headaches. AFAIK G_asprintf() writes to a tmp file
and then reads from it which IMO is too inefficient for widespread use.
Still waiting for something better or perhaps a better understanding of
why the existing version really isn't so bad after all.



Hamish
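
The two points raised in this message, atomic temp-file creation with mkstemp() and bounded formatting instead of sprintf(), combined in one added example. This is not code from GRASS or from ami_stream.cc; the helper name `make_stream_tmp`, the `STREAM_` prefix and the buffer sizes are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose mkstemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper (not GRASS code): build "<dir>/<prefix>XXXXXX" with a
 * bounded snprintf(), then let mkstemp() create the file atomically
 * (O_CREAT|O_EXCL with an unpredictable name). Returns an open fd and leaves
 * the final path in `path`; returns -1 on truncation or creation failure. */
int make_stream_tmp(const char *dir, const char *prefix, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= len)   /* an unbounded sprintf() would write past
                                        the end of the buffer in this case */
        return -1;

    mode_t old = umask(077);         /* very old libcs did not force mode 0600 */
    int fd = mkstemp(path);          /* rewrites the XXXXXX suffix in place */
    umask(old);
    return fd;
}

int main(void)
{
    char path[256];
    const char *dir = getenv("TMPDIR");   /* assumption: fall back to /var/tmp */
    if (!dir)
        dir = "/var/tmp";

    int fd = make_stream_tmp(dir, "STREAM_", path, sizeof path);
    if (fd < 0) {
        perror("make_stream_tmp");
        return 1;
    }
    printf("created %s\n", path);
    close(fd);
    unlink(path);                         /* clean up the demo file */
    return 0;
}
```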


