[3859] in bugtraq

Re: mktemp() and friends

daemon@ATHENA.MIT.EDU (Casper Dik)
Tue Dec 24 16:07:57 1996

Date: 	Tue, 24 Dec 1996 20:29:35 +0100
Reply-To: Casper Dik <casper@holland.Sun.COM>
From: Casper Dik <casper@holland.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  Your message of "Tue, 24 Dec 1996 10:42:43 EST."
              <Pine.LNX.3.91.961224100014.27868A-100000@washington.patriot.net>

>+ Something that accepts the new file's modes, unlike mkstemp, so that
>  we don't have to go through the following three step process to ensure
>  that the file is empty before we use a file created with 0666:
>
>      mkstemp
>      chmod
>      ftruncate


What do different implementations of mkstemp() use for file mode?

Solaris 2.x uses mode 0600 which, to me, seems the only proper mode
for temporary files.

What do the BSDs use?  I see "0600" in 4.3, and in 4.4lite so
I don't think that that's changed in between.

I also note that SV tmpfile() is not secure, nor is BSD 4.3 tmpfile().
Later BSD releases rectify this and use mkstemp().

Many OSes out there will have an unsafe tmpfile(), depending on when
and where they got tmpfile().  SysV or early BSD heritage gives
a problem.

Casper
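
Added example, not part of the original message: a C program that answers the mode question empirically on whatever libc it is built against, and wraps mkstemp() so that a file created wider than 0600 is tightened on the descriptor before use. The names mkstemp_mode and safe_tmpfd and the /tmp paths are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares mkstemp() and fchmod() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits mkstemp() requests on this libc, or -1 on error.
 * The umask is cleared for the call so the raw mode is visible. */
int mkstemp_mode(void)
{
    char path[] = "/tmp/modeprobe.XXXXXX";   /* constructed sample path */
    struct stat st;
    int mode = -1;
    mode_t saved = umask(0);
    int fd = mkstemp(path);
    umask(saved);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    unlink(path);
    close(fd);
    return mode;
}

/* mkstemp() plus checks on the descriptor itself: regular file, ours,
 * one link, empty. If the library created it wider than 0600, tighten
 * it with fchmod() before any data is written. Returns fd or -1. */
int safe_tmpfd(char *tmpl)
{
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        st.st_uid == geteuid() && st.st_nlink == 1 && st.st_size == 0 &&
        (!(st.st_mode & 077) || fchmod(fd, 0600) == 0))
        return fd;
    unlink(tmpl);
    close(fd);
    return -1;
}

int main(void)
{
    int m = mkstemp_mode();
    if (m >= 0) printf("mkstemp() mode on this system: %04o\n", (unsigned)m);
    return m < 0;
}
```

Because the checks use fstat() and fchmod() on the open descriptor rather than the path, they apply to the file that was actually created even if the name is later replaced.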
