Re: lynx-dev LYUtils and mktemp, and string2.h warnings (glibc 2.2)
From: Thomas Dickey
Subject: Re: lynx-dev LYUtils and mktemp, and string2.h warnings (glibc 2.2)
Date: Sun, 24 Dec 2000 09:08:24 -0500
User-agent: Mutt/1.2.5i

On Sat, Dec 23, 2000 at 06:44:17PM -0700, address@hidden wrote:
> In a recent note, Thomas Dickey said:
>
> > Date: Sat, 23 Dec 2000 13:30:22 -0500
> >
> > mkstemp is insecure on older Linux systems (creates world-writable files,
> > according to the man-page).
> >
> Does it even overrule the setting of "umask" to do so?

I haven't tested that - also I recall someone saying that mkstemp is broken on
some older vendor boxes. I could write a configure check to try to determine
if mkstemp's reasonably secure (but at the time, the person who was urging me
to use mkstemp went further and wanted me to code in dependencies for behavior
that were specific to his platform, so I put the whole issue aside for another
time).

Note that it's only cited for BSD4.3, which doesn't give good confidence for
portability.

Here's what Slackware 3.6 (lib5b with some influence from glibc2) has to say
(but compare with Solaris 2.6, next):

MKSTEMP(3)          Linux Programmer's Manual          MKSTEMP(3)

NAME
       mkstemp - create a unique temporary file

SYNOPSIS
       #include <unistd.h>

       int mkstemp(char *template);

DESCRIPTION
       The mkstemp() function generates a unique temporary file
       name from template. The last six characters of template
       must be XXXXXX and these are replaced with a string that
       makes the filename unique. The file is then created with
       mode read/write and permissions 0666 (glibc 2.0.6 and ear-
       lier), 0600 (glibc 2.0.7 and later).

RETURN VALUE
       The mkstemp() function returns the file descriptor fd of
       the temporary file.

ERRORS
       EINVAL The last six characters of template were not
              XXXXXX.

       EEXIST The temporary file is not unique.

BUGS
       The old behaviour (creating a file with mode 0666) may be
       a security risk, especially since other Unix flavours use
       0600, and somebody might overlook this detail when porting
       programs.

CONFORMING TO
       BSD 4.3

SEE ALSO
       mktemp(3), tmpnam(3), tempnam(3), tmpfile(3)

GNU                       April 3, 1993                         1

Solaris 2.6:

C Library Functions                                   mkstemp(3C)

NAME
     mkstemp - make a unique file name

SYNOPSIS
     #include <stdlib.h>

     int mkstemp(char *template);

DESCRIPTION
     The mkstemp() function replaces the contents of the string
     pointed to by template by a unique file name, and returns a
     file descriptor for the file open for reading and writing.
     The function thus prevents any possible race condition
     between testing whether the file exists and opening it for
     use. The string in template should look like a file name
     with six trailing 'X's; mkstemp() replaces each 'X' with a
     character from the portable file name character set. The
     characters are chosen such that the resulting name does not
     duplicate the name of an existing file.

RETURN VALUES
     Upon successful completion, mkstemp() returns an open file
     descriptor. Otherwise -1 is returned if no suitable file
     could be created.

ERRORS
     No errors are defined.

USAGE
     It is possible to run out of letters.

     The mkstemp() function does not check to determine whether
     the file name part of template exceeds the maximum allowable
     file name length.

     For portability with X/Open standards prior to XPG4v2,
     tmpfile(3S) is preferred over this function.

     The mkstemp() function has an explicit 64-bit equivalent.
     See interface64(5).

SEE ALSO
     getpid(2), open(2), tmpfile(3S), tmpnam(3S), interface64(5),
     standards(5)

SunOS 5.6            Last change: 26 Feb 1997                   1

--
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com
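
A configure-style probe of the kind mentioned in the message could look like the following. This is an added example, not part of the original message or of Lynx's configure script; the function names and the /tmp template are assumptions. It checks the mode mkstemp() gives a new file when the umask is 0, and shows a wrapper for libraries that fail the probe.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of a file created by mkstemp() while the process umask is
 * `mask`, or -1 on failure. The /tmp template is an assumed location. */
static int mkstemp_mode(mode_t mask)
{
    char path[] = "/tmp/mkstemp-check-XXXXXX";
    struct stat sb;
    mode_t saved = umask(mask);
    int fd = mkstemp(path);
    int mode = -1;

    umask(saved);                     /* restore the caller's umask */
    if (fd < 0)
        return -1;
    if (fstat(fd, &sb) == 0)
        mode = (int)(sb.st_mode & 07777);
    close(fd);
    unlink(path);
    return mode;
}

/* 1 if no group/other bits are set even with umask 0 (the 0600 behaviour),
 * 0 if the file is exposed (the 0666 behaviour), -1 if the probe failed. */
static int mkstemp_is_private(void)
{
    int mode = mkstemp_mode(0);
    return mode < 0 ? -1 : (mode & 0077) == 0;
}

/* Wrapper for a library that fails the probe: restrictive umask around the
 * call, then fchmod() so the descriptor ends up 0600 either way. */
static int private_mkstemp(char *template)
{
    mode_t saved = umask(077);
    int fd = mkstemp(template);

    umask(saved);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(template);
        fd = -1;
    }
    return fd;
}

int main(void) { return mkstemp_is_private() == 1 ? 0 : 1; }
```

The exit status of main() follows the configure convention: 0 means the library's mkstemp() keeps the file private, nonzero means the wrapper is needed.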