This is the mail archive of the
mailing list for the glibc project.
Re: tmpnam v mkstemp
- To: kaz at ashi dot footprints dot net
- Subject: Re: tmpnam v mkstemp
- From: Geoff Keating <geoffk at geoffk dot org>
- Date: Sun, 12 Nov 2000 12:56:31 -0800
- CC: eggert at twinsun dot com, Neale dot Ferguson at softwareAG-usa dot com, libc-alpha at sources dot redhat dot com
- References: <Pine.LNX.4.10.10011111941460.32200-100000@ashi.FootPrints.net>
- Reply-to: Geoff Keating <geoffk at redhat dot com>
> Date: Sat, 11 Nov 2000 20:04:15 -0800 (PST)
> From: Kaz Kylheku <firstname.lastname@example.org>
> cc: email@example.com, Neale.Ferguson@softwareAG-usa.com,
> So the O_EXCL shouldn't even be required if the filename generation method is
It is necessary for security. If you don't use O_EXCL, a malicious
user could create a symlink between the time tmpnam() is called and
the time the file is actually created, leading to the file of their
choice being truncated. An example of a file where that might be
bad is ~/.rhosts.
The usual use of tmpnam() goes like
    FILE *f = fopen (tmpnam (NULL), "w+");
(because people using tmpnam() are likely to use other stdio
facilities) and this is insecure.
- Geoffrey Keating <firstname.lastname@example.org>
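The race described in the message above, reproduced in a private sandbox directory as an added example (not part of the original mail or of glibc). It compares a "w+" open with an O_CREAT|O_EXCL open on a name that already exists as a symlink, then shows mkstemp() plus fdopen() as a stdio-friendly replacement for the quoted idiom. The function names, the /tmp/excl-demo-XXXXXX template and the victim/tmpname file names are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sandbox: dir/victim holds 6 bytes; dir/tmpname is a symlink to
 * it, standing in for a link planted at a predicted temporary name. */
static int make_sandbox(char *dir, char *victim, char *name, size_t n) {
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, n, "%s/victim", dir);
    snprintf(name, n, "%s/tmpname", dir);
    FILE *v = fopen(victim, "w");
    if (v == NULL) return -1;
    fputs("secret", v);
    fclose(v);
    return symlink(victim, name);
}

/* Open the pre-linked name the fopen("w+") way (use_excl == 0) or with O_EXCL.
 * Returns the victim's size afterwards; *err is the open's errno (0 = ok). */
long victim_size_after_open(int use_excl, int *err) {
    char dir[] = "/tmp/excl-demo-XXXXXX", victim[64], name[64];
    struct stat st;
    long size = -1;
    *err = 0;
    if (make_sandbox(dir, victim, name, sizeof victim) != 0) return -1;
    if (use_excl) {  /* O_EXCL refuses any existing name, symlinks included */
        int fd = open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd < 0) *err = errno; else close(fd);
    } else {         /* "w+" follows the link and truncates its target */
        FILE *f = fopen(name, "w+");
        if (f == NULL) *err = errno; else fclose(f);
    }
    if (stat(victim, &st) == 0) size = (long)st.st_size;
    unlink(name); unlink(victim); rmdir(dir);
    return size;
}

/* Replacement for the fopen(tmpnam(NULL), "w+") idiom: mkstemp() chooses the
 * name and creates it with O_EXCL in one step; fdopen() wraps it for stdio. */
FILE *open_temp_stream(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    FILE *f = fdopen(fd, "w+");
    if (f == NULL) { close(fd); unlink(tmpl); }
    return f;
}
```

The caller of open_temp_stream() owns the file: pass a writable template ending in XXXXXX and unlink() the resulting name when done.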