...
| Wiki Markup |
|---|
In many older [implementations|BB. Definitions#implementation], the name is a function of process ID and time--so it is possible for the attacker to guess it and create a decoy in advance. FreeBSD has recently changed the {{mk*temp()}} family to get rid of the PID component of the filename and replace the entire thing with base-62 encoded randomness. This raises the number of possible temporary files for the typical use of 6 Xs significantly, meaning that even {{mktemp()}} with 6 Xs is reasonably (probabilistically) secure against guessing, except under very frequent usage \[[Kennaway 00|AA. C References#Kennaway 00]\] . |
Compliant Solution: tmpfile
...
The POSIX.1-2001 function tmpfile() creates a temporary binary file that is different from any other existing file, and it is automatically removed when it is closed or when the program terminates. The file is opened for update with "w+b" mode.
| Code Block | ||
|---|---|---|
| ||
/* ... */
FILE* file = tmpfile();
if (file == NULL) {
/* Handle Error */
}
/* ... */
|
Compliant Solution: tmpfile_s() (ISO/IEC TR 24731-1 )
...