8.2 Known Problems

There are a small number of known problems documented in the files ‘docs/BUGS’ and ‘docs/TODO’. These will be fixed at some point in the future. Future problems should be reported via the cssc Bug Tracker, at http://savannah.gnu.org/bugs/?group=cssc.

There are also some security problems with this code:-

1. Temporary file races — cssc opens many temporary files, most of them with very predictable names. This can be used as a lever for compromising the security of a system, often by anticipating the name of a file which will be opened at some point, and creating a symbolic link of the same name. Most of the temporary files used are created in the same directory as the sccs file itself. cssc should not be used by the owners of files whose security is important, especially to control files whose sccs file is in a world-writable directory. See Filenames.

   The sccsdiff program ignores the setting of the TMPDIR environment variable. Temporary files with predictable names are created in the /tmp directory.

2. Setuid execution — It is common to install an extra set of binaries with the set-user-id bit turned on in their modes, to allow a specified group of users to make revisions to some important files. There are many ways in which a setuid program can be used by malicious users to gain access to the security privileges of the user as whom a program runs. cssc has not been reviewed with the relevant security issues in mind. Please do not install cssc programs with the set-user-id or set-group-id bits turned on.
3. Environment variables — cssc invokes external programs, notably the diff command and the program specified as the mr validation program. Some cssc programs (for example sccsdiff) invoke others. This is done without “cleaning up” the environment, and so this is another reason not to use the set-user-id bit for cssc programs. See Environment Variables.

Please refer to the section of the GNU General Public License entitled “NO WARRANTY” for information regarding the lack of warranty for this program. cssc is not a secure program, please do not rely on it to behave in a secure fashion.

Contributions of code or patches to fix these problems are, as always, gleefully welcomed. Please submit these to the maintainer.

Additionally, there is currently one problem that may not ever be fixed. This problem occurs only in the prt program when the list of ignored or excluded deltas is present for a sid but that list is empty. In this case sccs prints the ‘Included:’ or ‘Excluded:’ line in its output (with no numbers afterward) and cssc prints nothing. Since “fixing” this problem would require a horrible kludge, this has not been done. It is not expected that this will cause a problem for any users; if this is a problem for you, let the maintainer know and it will be fixed.