This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: tmpnam v mkstemp
- To: geoffk at redhat dot com
- Subject: Re: tmpnam v mkstemp
- From: Paul Eggert <eggert at twinsun dot com>
- Date: Sat, 11 Nov 2000 14:11:01 -0800 (PST)
- CC: Neale dot Ferguson at softwareAG-usa dot com, libc-alpha at sources dot redhat dot com
- References: <200011112123.NAA29769@cygnus.com> <200011112147.NAA00656@geoffk.org>
> Date: Sat, 11 Nov 2000 13:47:20 -0800
> From: Geoff Keating <geoffk@geoffk.org>
> > xxxxxxxxx.so: the use of `tmpnam' is dangerous, better use `mkstemp'
>
> It is a libc link-time warning.... use of tmpnam() can allow another user
> to overwrite files owned by the user running tmpnam() even if the
> other user cannot write to those files.
No, you can use `tmpnam' safely by opening the returned file name with
O_CREAT|O_EXCL. This is similar to what `mkstemp' does internally.
I've seen applications that do this for portability reasons, as
`mkstemp' is not universally supported.
Does libc also warn about the use of functions like `strcpy' and
`gets' at link time? They are security holes as well, if used
incorrectly.