FILE
*
tmpfile(
void
)
char
*
tmpnam(
char *str
)
char
*
tempnam(
const char *tmpdir
, const char *prefix
)
)
function
returns a pointer to a stream associated with a file descriptor returned
by the routine
mkstemp(3).
The created file is unlinked before
tmpfile(
)
returns, causing the file to be automatically deleted when the last
reference to it is closed.
The file is opened with the access value
`w+'.
The
tmpnam()
function
returns a pointer to a file name, in the
P_tmpdir
directory, which
did not reference an existing file at some indeterminate point in the
past.
P_tmpdir
is defined in the include file
<stdio.h
>.
If the argument
s
is
non-NULL
,
the file name is copied to the buffer it references.
Otherwise, the file name is copied to a static buffer.
In either case,
tmpnam()
returns a pointer to the file name.
The buffer referenced by
s
is expected to be at least
L_tmpnam
bytes in length.
L_tmpnam
is defined in the include file
<stdio.h
>.
The
tempnam()
function
is similar to
tmpnam(
),
but provides the ability to specify the directory which will
contain the temporary file and the file name prefix.
The environment variable
TMPDIR
(if set), the argument
tmpdir
(if
non-NULL
),
the directory
P_tmpdir
,
and the directory
/tmp
are tried, in the listed order, as directories in which to store the
temporary file.
The argument
prefix
,
if
non-NULL
,
is used to specify a file name prefix, which will be the
first part of the created file name.
tempnam()
allocates memory in which to store the file name; the returned pointer
may be used as a subsequent argument to
free(3).
)
function
returns a pointer to an open file stream on success, and a
NULL
pointer
on error.
The
tmpnam()
and
tempnam(
)
functions
return a pointer to a file name on success, and a
NULL
pointer
on error.
)
function
may fail and set the global variable
errno
for any of the errors specified for the library functions
fdopen(3)
or
mkstemp(3).
The
tmpnam()
function
may fail and set
errno
for any of the errors specified for the library function
mktemp(3).
The
tempnam()
function
may fail and set
errno
for any of the errors specified for the library functions
malloc(3)
or
mktemp(3).
)
and
tmpnam(
)
functions
conform to
ANSI X3.159-1989 (``ANSI C89'') .
AT&T
System V UNIX
and
ANSI
compatibility only.
The
mkstemp(3)
interface is strongly preferred.
),
tempnam(
),
or
mktemp(3).
Subsequently, the program calls
open(2)
or
fopen(3)
and erroneously opens a file (or symbolic link, or fifo or other
device) that the attacker has placed in the expected file location.
Hence
mkstemp(3)
is recommended, since it atomically creates the file.
Second, most historic implementations provide only a limited number
of possible temporary file names (usually 26) before file names will
start being recycled.
Third, the
AT&T
System V UNIX
implementations of these functions (and of
mktemp(3))
use the
access(2)
system call to determine whether or not the temporary file may be created.
This has obvious ramifications for setuid or setgid programs, complicating
the portable use of these interfaces in such programs.
Finally, there is no specification of the permissions with which the
temporary files are created.
This implementation of
tmpfile()
does not have these flaws,
and that of
tmpnam(
)
and
tempnam(
)
only have the first limitation, but portable software
cannot depend on that.
In particular, the
tmpfile(
)
interface should not be used in software expected to be used on other systems
if there is any possibility that the user does not wish the temporary file to
be publicly readable and writable.
A link-time warning will be issued if
tmpnam()
or
tempnam(
)
is used, and advises the use of
mkstemp(
)
instead.