Date: Wed, 7 Jun 2000 03:45:12 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Maxim Sobolev <sobomax@FreeBSD.org> Cc: mi@privatelabs.com, freebsd-ports@FreeBSD.org, Ade Lovett <ade@lovett.com> Subject: Re: Call for arbitrage [Fwd: Re: ports/19047: net/arpwatch patched to use tmpfile() instead of mktemp()] Message-ID: <Pine.BSF.4.21.0006070337500.66450-100000@freefall.freebsd.org> In-Reply-To: <393E1D01.301DD0D7@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I believe the question is whether tmpfile() should be used in preference
to mkstemp().
On FreeBSD, either tmpfile() or mkstemp() have identical security
properties (tmpfile() in fact calls mkstemp() internally), but as stated
in the manpage, on other platforms tmpfile() is broken. Therefore, my
recommendation is to use something like:
int fd;
FILE *fp;
if ((fd = mkstemp(foo)) == -1) {
err(1, "mkstemp");
} else {
unlink(fd);
}
if ((fp = fdopen(fd, "w+")) == NULL)
err(1, "fdopen");
...
The unlink is to make sure that the temporary file is not left lying
around if the process exits before it would otherwise have been created
(in the old mktemp() scheme).
This method is portable across platforms, and can safely be reintegrated
by the software author.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006070337500.66450-100000>