[3851] in bugtraq
Re: mktemp() and friends
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Dec 23 21:29:25 1996
Date: Mon, 23 Dec 1996 15:53:11 -0700
Reply-To: Theo de Raadt <deraadt@cvs.openbsd.org>
From: Theo de Raadt <deraadt@cvs.openbsd.org>
X-To: Darren Reed <avalon@coombs.anu.edu.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Tue, 24 Dec 1996 07:51:31 +1100."
<199612232050.NAA25711@cvs.openbsd.org>
> mktemp/mkstemp/tmpnam/tempnam should not be used and tmpfile should be
> implemented as above.

Sigh.

You say mkstemp shouldn't be used, eh?

My thesis of late has been that 90% of security errors have been
because the programmers don't know their APIs. Mainly I'm talking
about strncpy and strncat, but... this one is also relevant.

I suggest you read libc/stdio/mktemp.c to see that mkstemp() is in
fact safe and does use O_CREAT|O_EXCL as you suggested. The man page
also says that it is safe. mkstemp() was added precisely because of
the problem you describe.

mkstemp() _is_ safe, and should be used wherever possible. That's what
I said earlier today, isn't it?

> Then there are temporary files used in shell scripts - quite often root
> cronjobs get implemented to write to some file in /tmp (I prefer to use
> /, ~root or /etc).

OpenBSD has fixed these too. There were some quite funny ones -- on
most systems no one is going to notice if you build huge symbolic link
trees in /tmp at 2AM in the morning.
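
The two properties the message relies on, as an added example that is not part of the original post and not OpenBSD's libc code: open() with O_CREAT|O_EXCL fails with EEXIST when the name already exists as a symbolic link, and mkstemp() hands back a descriptor on a newly created, owner-only file. The function names and the /tmp paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if open(O_CREAT|O_EXCL) refuses a name that already exists as a
 * symlink and leaves the link's target uncreated; -1 on setup failure. */
int excl_refuses_symlink(void)
{
    char dir[] = "/tmp/excl-demo.XXXXXX";   /* constructed scratch directory */
    char link_path[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link_path, sizeof link_path, "%s/report.tmp", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return -1; }

    int fd = open(link_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = (fd == -1 && errno == EEXIST);
    int untouched = (stat(target, &st) == -1);  /* nothing written via link */
    if (fd != -1) close(fd);
    unlink(link_path); unlink(target); rmdir(dir);
    return refused && untouched;
}

/* 1 if mkstemp() returns a descriptor on a new regular file that group and
 * others cannot access; -1 if the file could not be created. */
int mkstemp_is_private(void)
{
    char path[] = "/tmp/mkstemp-demo.XXXXXX"; /* template, filled in by libc */
    struct stat st;
    int fd = mkstemp(path);      /* picks the name and creates it in one step */
    if (fd == -1) return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
             (st.st_mode & 077) == 0 && st.st_nlink == 1;
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("O_EXCL refuses existing symlink: %d\n", excl_refuses_symlink());
    printf("mkstemp file is owner-only:      %d\n", mkstemp_is_private());
    return 0;
}
```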