Bugtraq mailing list archives
Re: mktemp() and friends
From: deraadt () cvs openbsd org (Theo de Raadt)
Date: Mon, 23 Dec 1996 15:53:11 -0700
mktemp/mkstemp/tmpnam/tempnam should not be used and tmpfile should be implemented as above.
Sigh. You say mkstemp shouldn't be used, eh? My thesis of late has been that 90% of security errors has been because the programmers don't know their API's. Mainly I'm talking about strncpy and strncat, but... this one is also relevant. I suggest you read libc/stdio/mktemp.c to see that mkstemp() is in fact safe and does use O_CREAT|O_EXCL as you suggested. The man page also says that it is safe. mkstemp() was added precisely because of the problem you describe. mkstemp() _is_ safe, and should be used wherever possible. That's what I said earlier today, isn't it?
Then there are temporary files used in shell scripts - quite often root cornjobs get implemented to write to some file in /tmp (I prefer to use /, ~root or /etc).
OpenBSD has fixed these too. There were some quite funny ones -- on most systems noone is going to notice if you build huge symbolic link trees in /tmp at 2AM in the morning.
Current thread:
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Uriel Maimon (Dec 23)
- <Possible follow-ups>
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Steve \ (Dec 24)
- Re: mktemp() and friends Casper Dik (Dec 24)
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Benedikt Stockebrand (Dec 23)
- Re: mktemp() and friends Theo de Raadt (Dec 24)
- Re: mktemp() and friends D. J. Bernstein (Dec 24)
- Re: mktemp() and friends SGI Security Coordinator (Dec 24)
- Re: mktemp() and friends Darren Reed (Dec 23)