This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: tmpnam v mkstemp


> Date: Sat, 11 Nov 2000 20:04:15 -0800 (PST)
> From: Kaz Kylheku <kaz@ashi.footprints.net>
> cc: geoffk@redhat.com, Neale.Ferguson@softwareAG-usa.com,
>         libc-alpha@sources.redhat.com

> So the O_EXCL shouldn't even be required if the filename generation method is
> sound.

It is necessary for security.  If you don't use O_EXCL, a malicious
user could create a symlink between the time tmpnam() is called and
the time the file is actually created, leading to the file of their
choice being truncated.  An example of a file where that might be
bad is ~/.rhosts.

The usual use of tmpnam() goes like

FILE *f = fopen (tmpnam (NULL), "w+");

(because people using tmpnam() are likely to use other stdio
facilities) and this is insecure.

-- 
- Geoffrey Keating <geoffk@geoffk.org>

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]