...
A call to mkstemp() replaces the six Xs in the template string with six randomly selected characters and returns a file descriptor for the file (opened for reading and writing):
| Code Block |
|---|
char template[] = "/tmp/fileXXXXXX";
if ((fd = mkstemp(template)) == -1) {
/* handle error condition */
}
|
...
| Code Block | ||
|---|---|---|
| ||
char sfn[15] = "/tmp/ed.XXXXXX";
FILE *sfp;
int fd = -1;
if ((fd = mkstemp(sfn)) == -1 || (sfp = fdopen(fd, "w+")) == NULL) {
if (fd != -1) {
unlink(sfn);
close(fd);
}
/* handle error condition */
}
unlink(sfn); /* unlink immediately */
/* use temporary file */
fclose(sfp);
close(fd); /* note this closes fd */
|
| Wiki Markup |
|---|
The Open Group Base Specification Issue 6 \[[Open Group 04|AA. C References#Open Group 04]\] does not specify the mode and permissions the file is created with, so these are [implementation-defined|BB. Definitions#implementation-defined behavior]. However, Issue 7 (aka POSIX.1-2008) will specify them as S_IRUSR\|S_IWUSR (0600). |
Implementation Details
For glibc versions 2.0.6 and earlier, the file is then created with mode read/write and permissions 0666; for glibc versions 2.0.7 and later, the file is created with permissions 0600. On NetBSD the file is opened created with mode read/write and permissions 0600.
| Wiki Markup |
|---|
In many older [implementations|BB. Definitions#implementation], the name is a function of process ID and time--so it is possible for the attacker to guess it and create a decoy in advance. FreeBSD has recently changed the {{mk*temp()}} family to get rid of the PID component of the filename and replace the entire field with base-62 encoded randomness. This raises the number of possible temporary files for the typical use of 6 Xs significantly, meaning that even {{mktemp()}} with 6 Xs is reasonably (probabilistically) secure against guessing, except under very frequent usage \[[Kennaway 00|AA. C References#Kennaway 00]\] . |
...