Bugtraq mailing list archives

Re: mktemp() and friends


From: deraadt () cvs openbsd org (Theo de Raadt)
Date: Mon, 23 Dec 1996 15:53:11 -0700


mktemp/mkstemp/tmpnam/tempnam should not be used and tmpfile should be
implemented as above.

Sigh.

You say mkstemp shouldn't be used, eh?

My thesis of late has been that 90% of security errors have been
because the programmers don't know their APIs.  Mainly I'm talking
about strncpy and strncat, but... this one is also relevant.

I suggest you read libc/stdio/mktemp.c to see that mkstemp() is in
fact safe and does use O_CREAT|O_EXCL as you suggested.  The man page
also says that it is safe.  mkstemp() was added precisely because of
the problem you describe.

mkstemp() _is_ safe, and should be used wherever possible.  That's what
I said earlier today, isn't it?

Then there are temporary files used in shell scripts - quite often root
cronjobs get implemented to write to some file in /tmp (I prefer to use
/, ~root or /etc).

OpenBSD has fixed these too.  There were some quite funny ones -- on
most systems no one is going to notice if you build huge symbolic link
trees in /tmp at 2AM in the morning.
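
The O_CREAT|O_EXCL behaviour discussed in the message above, as an added C example (not part of the original post and not the libc/stdio/mktemp.c source). It compares opening a predictable name where a symbolic link is already waiting, with and without O_EXCL, and then calls mkstemp(); the scratch directory, file names and the `demo()` function are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { EXCL_REFUSED = 1, PLAIN_FOLLOWED = 2, MKSTEMP_OK = 4 }; /* demo() result bits */

/* Runs inside a private scratch directory; all names are constructed samples. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char link_path[64], victim[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(link_path, sizeof link_path, "%s/job.tmp", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpl, sizeof tmpl, "%s/job.XXXXXX", dir);
    /* The predictable name already exists as a link to a file that does not. */
    if (symlink(victim, link_path) != 0)
        return -1;

    /* O_CREAT|O_EXCL: fails with EEXIST and the link is never followed. */
    fd = open(link_path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd == -1 && errno == EEXIST && lstat(victim, &st) == -1)
        result |= EXCL_REFUSED;
    if (fd != -1) close(fd);

    /* O_CREAT alone: follows the link and creates the file it points to. */
    fd = open(link_path, O_RDWR | O_CREAT, 0600);
    if (fd != -1 && lstat(victim, &st) == 0)
        result |= PLAIN_FOLLOWED;
    if (fd != -1) close(fd);

    /* mkstemp(): chooses the name and creates it exclusively, returning the fd. */
    fd = mkstemp(tmpl);
    if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 0777) == 0600 && st.st_nlink == 1)
        result |= MKSTEMP_OK;
    if (fd != -1) { close(fd); unlink(tmpl); }
    unlink(link_path); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

All three bits set means the exclusive open was refused, the plain open wrote through the link, and mkstemp() handed back a descriptor to a fresh regular file.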


