
Re: lynx-dev LYUtils and mktemp, and string2.h warnings (glibc 2.2)

From: Thomas Dickey
Subject: Re: lynx-dev LYUtils and mktemp, and string2.h warnings (glibc 2.2)
Date: Sun, 24 Dec 2000 09:08:24 -0500
User-agent: Mutt/1.2.5i

On Sat, Dec 23, 2000 at 06:44:17PM -0700, address@hidden wrote:
> In a recent note, Thomas Dickey said:
> > Date: Sat, 23 Dec 2000 13:30:22 -0500
> > 
> > mkstemp is insecure on older Linux systems (creates world-writable files,
> > according to the man-page).
> > 
> Does it even overrule the setting of "umask" to do so?

I haven't tested that - also I recall someone saying that mkstemp is broken on
some older vendor boxes.  I could write a configure check to try to determine
if mkstemp's reasonably secure (but at the time, the person who was urging me
to use mkstemp went further and wanted me to code in dependencies for behavior
that were specific to his platform, so I put the whole issue aside for another

Note that it's only cited for BSD4.3, which doesn't give good confidence for

Here's what Slackware 3.6 (lib5b with some influence from glibc2) has to say
(but compare with Solaris 2.6, next):

MKSTEMP(3)          Linux Programmer's Manual          MKSTEMP(3)

       mkstemp - create a unique temporary file

       #include <unistd.h>

       int mkstemp(char *template);

       The  mkstemp()  function generates a unique temporary file
       name from template.  The last six characters  of  template
       must  be  XXXXXX and these are replaced with a string that
       makes the filename unique.  The file is then created  with
       mode read/write and permissions 0666 (glibc 2.0.6 and ear-
       lier), 0600 (glibc 2.0.7 and later).

       The mkstemp() function returns the file descriptor  fd  of
       the temporary file.

       EINVAL The  last  six  characters  of  template  were  not

       EEXIST The temporary file is not unique.

       The old behaviour (creating a file with mode 0666) may  be
       a  security risk, especially since other Unix flavours use
       0600, and somebody might overlook this detail when porting

       BSD 4.3

       mktemp(3), tmpnam(3), tempnam(3), tmpfile(3)

GNU                       April 3, 1993                         1

Solaris 2.6:

C Library Functions                                   mkstemp(3C)

     mkstemp - make a unique file name

     #include <stdlib.h>

     int mkstemp(char *template);

     The mkstemp() function replaces the contents of  the  string
     pointed  to by template by a unique file name, and returns a
     file descriptor for the file open for reading  and  writing.
     The  function  thus  prevents  any  possible  race condition
     between testing whether the file exists and opening  it  for
     use.   The  string  in template should look like a file name
     with six trailing 'X's; mkstemp() replaces each 'X'  with  a
     character  from  the  portable file name character set.  The
     characters are chosen such that the resulting name does  not
     duplicate the name of an existing file.

     Upon successful completion, mkstemp() returns an  open  file
     descriptor.   Otherwise  -1  is returned if no suitable file
     could be created.

     No errors are defined.

     It is possible to run out of letters.

     The mkstemp() function does not check to  determine  whether
     the file name part of template exceeds the maximum allowable
     file name length.

     For portability  with  X/Open  standards  prior  to  XPG4v2,
     tmpfile(3S) is preferred over this function.

     The mkstemp() function has an  explicit  64-bit  equivalent.
     See interface64(5).

     getpid(2), open(2), tmpfile(3S), tmpnam(3S), interface64(5),

SunOS 5.6           Last change: 26 Feb 1997                    1

Thomas E. Dickey <address@hidden>
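
An added example (not code from the message above or from lynx): a C probe of the kind a configure check could run, which reports the permission bits mkstemp() actually produces with the umask cleared and so answers the umask question empirically, plus a wrapper that forces owner-only access around the call. The function names and the /tmp template are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Create a file with mkstemp() under the given umask and return its
   permission bits, or -1 on failure.  The file is removed afterwards. */
int probe_mkstemp_mode(mode_t mask)
{
    char path[] = "/tmp/mkstemp-probe-XXXXXX";   /* assumed location */
    struct stat sb;
    int result = -1;
    mode_t saved = umask(mask);
    int fd = mkstemp(path);

    umask(saved);                /* restore the caller's umask */
    if (fd < 0)
        return -1;
    if (fstat(fd, &sb) == 0)
        result = (int)(sb.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

/* With the umask cleared, the mode shows what mkstemp() itself asked for:
   0600 is private, 0666 is the old behaviour the Linux man page warns about. */
int mkstemp_is_private(void)
{
    int mode = probe_mkstemp_mode(0);
    return mode >= 0 && (mode & 0077) == 0;
}

/* Wrapper for libraries that fail the probe: umask 077 is in effect at
   creation time, and fchmod() then sets owner read/write explicitly. */
int safe_mkstemp(char *tmpl)
{
    mode_t saved = umask(077);
    int fd = mkstemp(tmpl);

    umask(saved);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

int main(void)
{
    printf("mkstemp mode with umask 000: %04o\n", (unsigned)probe_mkstemp_mode(0));
    return mkstemp_is_private() ? 0 : 1;   /* exit status usable by a configure test */
}
```

The exit status is 0 when the library creates the file without group or other access, which is the result a configure script would cache.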
