Pine has a few more problems...

Tue, 02 Sep 1997 01:23:52 -0400

Hey all,

Since you're discussing pine, and its problems, here is something I
found while reading through the source for pico, the editor in pine. It
seems that there is a race condition here in the routines it uses to make
temporary files.


here's the problem in action:

bring# ps axO user | grep pico
10420 notlumpy p4 I+ 0:00.04 pico
10366 lumpy p5 I+ 0:00.03 pico -w blahblah
bring# ln -s pico.10420
bring# ls -l
total 561
-rw-r--r-- 1 lumpy wheel 562100 Sep 1 19:34 L74874TMP.gz
lrwxrwxrwt 1 root wheel 10 Sep 2 01:20 pico.10420 ->
drwxr-xr-x 3 root wheel 512 Aug 30 21:38 screens

(at this point in another window I did a spell check,
one function that calls writetmp)

bring# ls -l
total 562
-rw-r--r-- 1 lumpy wheel 562100 Sep 1 19:34 L74874TMP.gz
-rw------- 1 notlumpy wheel 60 Sep 2 01:20
drwxr-xr-x 3 root wheel 512 Aug 30 21:38 screens

here are some code snippets:

os_unix.c ffwopen

/*
 * Open a file for writing. Return TRUE if all is well, and FALSE on error
 * (cannot create).
 */
    char *fn;
    extern FILE *ffp;

    if ((ffp=fopen(fn, "w")) == NULL) {
        emlwrite("Cannot open file for writing", NULL);
        return (FIOERR);

os_unix.c tmpname

/*
 * tmpname - return a temporary file name in the given buffer
 */
    char *name;
    sprintf(name, "/tmp/pico.%d", getpid()); /* tmp file name */

file.c writetmp

/*
 * writetmp - write a temporary file for message text, mindful of
 * access restrictions and included text. If n is true, include
 * lines that indicated included message text, otw forget them
 */
char *writetmp(f, n)
int f, n;
    static char fn[NFILEN];
    register int s;
    register LINE *lp;
    register int nline;

    if ((s=ffwopen(fn)) != FIOSUC) /* Open writes message. */
(code continues...)
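
An added example, not part of the original post or of pico's source: it contrasts the fopen(fn, "w") call shown in ffwopen with an exclusive-create open on the same predictable /tmp-style name, when a symlink is already present at that name. The names tmp_open_excl and demo_planted_symlink, the scratch directory and the link target are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical hardened stand-in for fopen(fn, "w") on a predictable name:
 * O_EXCL makes open() fail with EEXIST if anything, even a dangling
 * symlink, already exists at fn, so the link is never followed. */
FILE *tmp_open_excl(const char *fn)
{
    int fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL)
        close(fd);
    return fp;
}

/* Constructed scenario: a symlink already sits at pico.<pid> in a private
 * scratch directory. Returns -1 on setup failure, else a bitmask: bit 0 =
 * fopen "w" followed the link, bit 1 = tmp_open_excl refused with EEXIST. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/picodemo.XXXXXX", fn[64], target[64];
    int result = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(fn, sizeof fn, "%s/pico.%d", dir, (int)getpid());
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, fn) != 0) {
        rmdir(dir);
        return -1;
    }
    FILE *fp = tmp_open_excl(fn);               /* hardened open */
    if (fp != NULL)
        fclose(fp);
    else if (errno == EEXIST && access(target, F_OK) != 0)
        result |= 2;                            /* refused, nothing created */
    if ((fp = fopen(fn, "w")) != NULL) {        /* what ffwopen does */
        fclose(fp);
        result |= (access(target, F_OK) == 0);  /* link target now exists */
    }
    unlink(target); unlink(fn); rmdir(dir);
    return result;
}

int main(void) { return demo_planted_symlink() == 3 ? 0 : 1; }
```

mkstemp() goes one step further by also choosing an unpredictable name, which removes the dependence on the process ID entirely.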