Re: Tempfile best practice vs. man pages
Nathanael Nerode <neroden@fastmail.fm> writes:
> The manpages for the various ways of creating a temporary file from C
> are a bit scary...
> tmpnam(3): "Never use this function. Use mkstemp(3) or tmpfile(3) instead."
> mktemp(3): "Never use mktemp()."
> tempnam(3): "Never use this function. Use mkstemp(3) or tmpfile(3) instead."
> mkstemp(3): "Don't use this function, use tmpfile(3) instead."
> tmpfile(3): Not suitable for most applications, because it generates a
> FILE* and nothing else.
The warning on mkstemp is wrong, or at least questionable. It's the
correct function to use unless an open-but-deleted file is sufficient.
It's true that tmpfile is more portable, but it's not uncommon to need a
persistent file rather than one only accessible by the calling process and
its children (with effort).
> I'm guessing that the dire warning on tempnam(3) is overblown. Am I
> right?
tempnam is insecure unless you know what you're doing. mkstemp and
tmpfile open the file for you and are therefore preferred. Note that the
checking that tempnam performs on whether the file already exists is
worthless from a security standpoint because it doesn't actually create
the file.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
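
Added example, not part of the original message: a C sketch of the distinction drawn above, where mkstemp(3) chooses the name and creates the file in one step, while a name-only generator such as tempnam(3) leaves the caller to make the open itself the existence check. The helper names make_temp, open_exclusive and demo and the "example." prefix are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a persistent temporary file. mkstemp() picks the name and opens it
 * with O_CREAT|O_EXCL in one step, so nothing can be placed at that name
 * between "name chosen" and "file opened". Returns an fd, or -1 on error. */
int make_temp(char *path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    int n = snprintf(path, len, "%s/example.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* When a name obtained elsewhere must be used, the open has to be the
 * existence check: O_EXCL fails with EEXIST on an existing file or symlink. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns 0 when the file is private and its name cannot be re-created. */
int demo(void)
{
    char path[4096];
    struct stat st;
    int rc = 0, fd = make_temp(path, sizeof path);
    if (fd < 0)
        return 1;
    if (fstat(fd, &st) != 0 || (st.st_mode & 077) != 0)
        rc = 2;                       /* group/other must have no access */
    int fd2 = open_exclusive(path);   /* name is taken: must be refused */
    if (fd2 >= 0) { close(fd2); rc = 3; }
    else if (errno != EEXIST) rc = 4;
    close(fd);
    unlink(path);
    return rc;
}
int main(void) { return demo(); }
```

The file stays on disk until unlink() is called, which is the persistent case tmpfile(3) cannot serve.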