[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tempfile best practice vs. man pages

Nathanael Nerode <neroden@fastmail.fm> writes:

> The manpages for the various ways of creating a temporary file from C
> are a bit scary...

> tmpnam(3): "Never use this function. Use mkstemp(3) or tmpfile(3) instead."
> mktemp(3): "Never  use  mktemp()."
> tempnam(3): "Never use this function. Use mkstemp(3) or tmpfile(3) instead."
> mkstemp(3): "Don't use this function, use tmpfile(3) instead."
> tmpfile(3): Not suitable for most applications, because it generates a 
> FILE* and nothing else.

The warning on mkstemp is wrong, or at least questionable.  It's the
correct function to use unless an open-but-deleted file is sufficient.
It's true that tmpfile is more portable, but it's not uncommon to need a
persistant file rather than one only accessible by the calling process and
its children (with effort).

> I'm guessing that the dire warning on tempnam(3) is overblown.  Am I
> right?

tempnam is insecure unless you know what you're doing.  mkstemp and
tmpfile open the file for you and is therefore preferred.  Note that the
checking that tempnam performs on whether the file already exists is
worthless from a security standpoint because it doesn't actually create
the file.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: