[sane-devel] Temp file races
Tim Waugh
twaugh@redhat.com
Fri, 18 Jan 2002 08:43:35 +0000
--l118U0+vX1D/6gtA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jan 18, 2002 at 12:25:34AM +0100, abel deuring wrote:
> Henning Meier-Geinitz wrote:
>=20
> > There are some ways to avoid this:
> >=20
> > * don't use temp files at all
> > * don't create them in a world writeable directory, use the HOME direct=
ory
> > * use open together with the flag O_EXCL and O_CREAT to make sure, that=
the
> > file (or a symlink) doesn't exist.
> > * use mkstemp. This is probably the best but I don't know how many plat=
forms
> > support it.
>=20
> What about a library function?
Indeed: mkstemp(3) is there for you to use (and you can use fdopen(3)
on the file descriptor to get a FILE*). Also there is tmpfile(3),
which should also be safe.
Basically: if it's a temporary file, use one of those two functions,
and not open or fopen.
Tim.
*/
--l118U0+vX1D/6gtA
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8R+A3yaXy9qA00+cRAk6LAKCjCaLFgGAr+5Ohs3sZDNQSoOHPXgCgk+2u
AbJ6StfsTLZColJ5jRAGjTw=
=Z6iS
-----END PGP SIGNATURE-----
--l118U0+vX1D/6gtA--