[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gsl] test release for GSL 2.4

From: Patrick Alken
Subject: Re: [Help-gsl] test release for GSL 2.4
Date: Thu, 22 Jun 2017 09:48:24 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

> Hello,
> what is wrong about using tmpnam + fopen ?
> See "Remarks" section in
> It should solve the problem with placing the file in other path than
> root directory. According to linux manpages, both tmpnam and fopen
> should be C89 compatible.
> states it is ANSI compatible implementation available since Windows 95.
> David
Yes I should have clarified before, tmpnam() is a possible alternative,
however it is generally recommended to avoid this function.

For example, see

Warning: Between the time the pathname is constructed and the file is
created another process might have created a file with the same name
using tmpnam, leading to a possible security hole. The implementation
generates names which can hardly be predicted, but when opening the file
you should use the O_EXCL flag. Using tmpfile or mkstemp is a safe way
to avoid this problem.

So I should have said that tmpfile() appears to be the only ANSI C89
method of using temporary files which is thread-safe and also does not
contain the security vulnerability described above. The Linux man page
for tmpnam() also includes this:

       Never use this function.  Use mkstemp(3) or tmpfile(3) instead.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]