This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Re: tmpnam v mkstemp


> Date: Sat, 11 Nov 2000 13:47:20 -0800
> From: Geoff Keating <geoffk@geoffk.org>

> > xxxxxxxxx.so: the use of `tmpnam' is dangerous, better use `mkstemp'
> 
> It is a libc link-time warning....  use of tmpnam() can allow another user
> to overwrite files owned by the user running tmpnam() even if the
> other user cannot write to those files.

No, you can use `tmpnam' safely by opening the returned file name with
O_CREAT|O_EXCL.  This is similar to what `mkstemp' does internally.
I've seen applications that do this for portability reasons, as
`mkstemp' is not universally supported.

Does libc also warn about the use of functions like `strcpy' and
`gets' at link time?  They are security holes as well, if used
incorrectly.
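
The pattern described in the message above, as an added example that is not part of the original post: `tmpnam` only proposes a name, and the `O_CREAT|O_EXCL` open is what claims it, retrying on a collision. The helper names `open_exclusive`, `tmpnam_open` and `planted_symlink_is_refused` are hypothetical, and the planted-symlink scenario is constructed for the demonstration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* With O_CREAT|O_EXCL, open() fails with EEXIST if the name already exists,
 * even as a (dangling) symlink, so a file planted by another user between
 * tmpnam() and open() is never followed or truncated. */
int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Hypothetical helper: tmpnam() only proposes a name, the exclusive open
 * claims it. On EEXIST another process won the race, so try a new name.
 * name_out must hold L_tmpnam bytes. */
int tmpnam_open(char name_out[L_tmpnam])
{
    for (int attempt = 0; attempt < 100; attempt++) {
        if (tmpnam(name_out) == NULL)
            return -1;
        int fd = open_exclusive(name_out);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: a symlink to a victim file is planted at a name
 * tmpnam() handed out. Returns 1 if the exclusive open refuses it. */
int planted_symlink_is_refused(void)
{
    char victim[L_tmpnam], predicted[L_tmpnam];
    int vfd = tmpnam_open(victim);
    if (vfd < 0) return 0;
    int refused = 0;
    if (tmpnam(predicted) != NULL && symlink(victim, predicted) == 0) {
        int fd = open_exclusive(predicted);
        refused = (fd < 0 && errno == EEXIST);
        if (fd >= 0) close(fd);
        unlink(predicted);
    }
    close(vfd);
    unlink(victim);
    return refused;
}
```

Linking this still produces the `tmpnam` warning quoted at the top of the thread, since the linker cannot see how the returned name is opened.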
