...
This call to open() fails whenever /tmp/some_file already exists, including when it is a symbolic link. This is secure, but a temporary file is presumably still required. One approach that can be used with open() is to generate random filenames and attempt to open() each until a unique name is discovered. Luckily, there are predefined functions that perform this task.
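The retry approach described above, as an added example that is not part of the original page. The function names, the `tmp.` prefix, the 12-character base-62 name, the retry limit and the use of /dev/urandom as the randomness source are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_CHARS 12   /* random characters per name (assumed length) */
#define MAX_TRIES  100  /* assumed retry limit: fail instead of looping forever */
static const char B62[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Fill out[0..n-1] with base-62 characters drawn from /dev/urandom. */
static int random_name(char *out, size_t n) {
    unsigned char b; size_t i = 0;
    int rfd = open("/dev/urandom", O_RDONLY);
    if (rfd < 0) return -1;
    while (i < n) {
        if (read(rfd, &b, 1) != 1) { close(rfd); return -1; }
        if (b < 248) out[i++] = B62[b % 62];  /* reject 248..255: no modulo bias */
    }
    out[n] = '\0';
    close(rfd);
    return 0;
}

/* Exclusively create a file at a random name in dir; returns fd or -1. */
int open_unique_temp(const char *dir, char *path, size_t path_len) {
    char name[NAME_CHARS + 1];
    for (int attempt = 0; attempt < MAX_TRIES; attempt++) {
        if (random_name(name, NAME_CHARS) != 0) return -1;
        int n = snprintf(path, path_len, "%s/tmp.%s", dir, name);
        if (n < 0 || (size_t)n >= path_len) { errno = ENAMETOOLONG; return -1; }
        /* O_EXCL fails on an existing file or symlink; umask can only narrow 0600 */
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
        if (fd >= 0) return fd;          /* name was free and this call created it */
        if (errno != EEXIST) return -1;  /* real error: retrying will not help */
    }
    errno = EEXIST;
    return -1;
}

int main(void) {
    char path[256];
    int fd = open_unique_temp("/tmp", path, sizeof path);
    if (fd < 0) { perror("open_unique_temp"); return 1; }
    printf("created %s\n", path);
    close(fd); unlink(path);
    return 0;
}
```

Only EEXIST triggers another attempt; any other errno is returned to the caller so that a permissions or path problem is not masked by the retry loop.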
...
The Open Group Base Specification Issue 6 [Open Group 04] does not specify the mode and permissions the file is created with, so these are implementation-defined.
...
In many older implementations, the name is a function of process ID and time, so it is possible for the attacker to guess it and create a decoy in advance. FreeBSD has recently changed the mk*temp() family to get rid of the PID component of the filename and replace the entire field with base-62 encoded randomness. This raises the number of possible temporary files for the typical use of 6 Xs significantly, meaning that even mktemp() with 6 Xs is reasonably (probabilistically) secure against guessing, except under very frequent usage [Kennaway 00].
Compliant Solution: tmpfile_s() (ISO/IEC TR 24731-1)
...