Date: Wed, 21 Oct 1998 02:28:35 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, peter@netplex.com.au Cc: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG Subject: Re: cvs commit: src/lib/libc/stdio mktemp.c Message-ID: <199810201628.CAA15294@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>> Yes, any change breaks: >> >> /* >> * Prevent even ourself from easily accessing the tmp file except >> * via the fd returned by mkstemp(). Dont ask why :-). >> */ >> umask(0777); >> fd = mkstemp(foo); > >man mkstemp: > The mkstemp() function makes the same replacement to the template and > creates the template file, mode 0600, returning a file descriptor opened > ^^^^ > for reading and writing. This avoids the race between testing for a > file's existence and opening it for use. man creat. It's not clear that creation has its English meaning or the technical one of creat. I trust the code more than the man page. >A specfic mode is specified, your example is broken, especially on NFS. >The way to implement what you want is: > > fd = mkstemp(foo); > unlink(foo); This has a race between the mkstemp() and the unlink(). >or, if you want a FILE * in the end, use "fp = tmpfile();" Hmm. POSIX specifies that tmpfile() shall allocate the fd as fopen() does (and that fopen() shall allocate it as open() does). This seems to require honouring the umask. >Yes, you are right, nvi is going gaga. However, mkstemp() is still >broken, it does not behave as specified. This interface is not one we >"own" and we cannot change it. Who owns it? The Linux (Redhat version mumble) man page says that mkstemp() conforms to BSD 4.3 and creates the file with permissions 0666. glibc-2.0.5c uses the same O_EXCL open as us except for using this insecure mode. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810201628.CAA15294>