
Re: [Help-gsl] test release for GSL 2.4


From: Patrick Alken
Subject: Re: [Help-gsl] test release for GSL 2.4
Date: Thu, 22 Jun 2017 09:48:24 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

> Hello,
>
> What is wrong with using tmpnam + fopen?
>
> See "Remarks" section in
> https://msdn.microsoft.com/en-us/library/x8x7sakw.aspx
>
> It should solve the problem of placing the file in a path other than
> the root directory. According to the Linux man pages, both tmpnam and
> fopen should be C89 compatible.
> https://msdn.microsoft.com/de-de/subscriptions/hs3e7355(v=vs.80).aspx
> states it is ANSI compatible implementation available since Windows 95.
>
> David
>
Yes, I should have clarified before: tmpnam() is a possible alternative;
however, it is generally recommended to avoid this function.

For example, see
https://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html

Quote:
----
Warning: Between the time the pathname is constructed and the file is
created another process might have created a file with the same name
using tmpnam, leading to a possible security hole. The implementation
generates names which can hardly be predicted, but when opening the file
you should use the O_EXCL flag. Using tmpfile or mkstemp is a safe way
to avoid this problem.
----

So I should have said that tmpfile() appears to be the only ANSI C89
method of using temporary files which is thread-safe and also does not
contain the security vulnerability described above. The Linux man page
for tmpnam() also includes this:

----
BUGS
       Never use this function.  Use mkstemp(3) or tmpfile(3) instead.
----
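
The difference the quoted warning describes, as an added example (not part of the original message or of GSL's code). It assumes a POSIX system for open() and O_EXCL, and DEMO_PATH is a constructed stand-in for a name returned by tmpnam():

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for a name handed back by tmpnam(). */
#define DEMO_PATH "/tmp/tmpnam_race_demo.tmp"

/* Name first, plain fopen() later. Returns 1 if fopen() succeeded even
 * though the name had already been taken in the meantime. */
int fopen_reuses_existing(const char *path) {
    FILE *other = fopen(path, "w");   /* "another process" creates it first */
    if (!other) return -1;
    fclose(other);
    FILE *mine = fopen(path, "w");    /* no error: opens and truncates it */
    int reused = (mine != NULL);
    if (mine) fclose(mine);
    return reused;
}

/* O_EXCL: creation fails with EEXIST when the name already exists.
 * Returns the new fd, or -1 with errno set. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* tmpfile(): the caller never handles a name, so there is no window between
 * naming and creating. Returns 1 if written data reads back intact. */
int tmpfile_roundtrip(void) {
    char buf[16] = {0};
    FILE *fp = tmpfile();
    if (!fp) return 0;
    fputs("gsl", fp);
    rewind(fp);
    char *got = fgets(buf, sizeof buf, fp);
    fclose(fp);                       /* the file is removed automatically */
    return got && strcmp(buf, "gsl") == 0;
}

int main(void) {
    printf("fopen reused existing file: %d\n", fopen_reuses_existing(DEMO_PATH));
    int fd = open_exclusive(DEMO_PATH);
    printf("O_EXCL open: fd=%d (%s)\n", fd, fd < 0 ? strerror(errno) : "created");
    if (fd >= 0) close(fd);
    unlink(DEMO_PATH);
    printf("tmpfile round trip ok: %d\n", tmpfile_roundtrip());
    return 0;
}
```
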


