summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2005-05-27 17:45:57 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2005-05-27 17:45:57 +0000
commit5d05f9ab43992c83f5ea86e6f65ba7b0d82ceeac (patch)
tree08dacad99573eed60c6d3a25e3693f605b0f5286
parent41328c09e266d4a15f2fdccc2afd06dc3575e0e1 (diff)
mktemp(3) et al. go in stdlib.h, not unistd.h. While there be more
explicit about mktemp(3) in the man page.
-rw-r--r--include/stdlib.h6
-rw-r--r--include/unistd.h6
-rw-r--r--lib/libc/stdio/mktemp.338
3 files changed, 33 insertions, 17 deletions
diff --git a/include/stdlib.h b/include/stdlib.h
index 8fdec7e2e99..244764cc99e 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: stdlib.h,v 1.33 2005/05/11 18:44:12 espie Exp $ */
+/* $OpenBSD: stdlib.h,v 1.34 2005/05/27 17:45:56 millert Exp $ */
/* $NetBSD: stdlib.h,v 1.25 1995/12/27 21:19:08 jtc Exp $ */
/*-
@@ -122,6 +122,10 @@ ldiv_t ldiv(long, long);
long long
llabs(long long);
void *malloc(size_t);
+char *mkdtemp(char *);
+int mkstemp(char *);
+int mkstemps(char *, int);
+char *mktemp(char *);
void qsort(void *, size_t, size_t, int (*)(const void *, const void *));
int rand(void);
int rand_r(unsigned int *);
diff --git a/include/unistd.h b/include/unistd.h
index 30329fc8abd..56a85a1521b 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: unistd.h,v 1.52 2004/01/13 18:10:53 millert Exp $ */
+/* $OpenBSD: unistd.h,v 1.53 2005/05/27 17:45:56 millert Exp $ */
/* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */
/*-
@@ -165,10 +165,6 @@ int initgroups(const char *, gid_t);
int iruserok(u_int32_t, int, const char *, const char *);
int iruserok_sa(const void *, int, int, const char *, const char *);
int lchown(const char *, uid_t, gid_t);
-char *mkdtemp(char *);
-int mkstemp(char *);
-int mkstemps(char *, int);
-char *mktemp(char *);
int nfssvc(int, void *);
int nice(int);
void psignal(unsigned int, const char *);
diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3
index 50ef13e896c..6d65ef74185 100644
--- a/lib/libc/stdio/mktemp.3
+++ b/lib/libc/stdio/mktemp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mktemp.3,v 1.34 2003/10/17 09:50:18 jmc Exp $
+.\" $OpenBSD: mktemp.3,v 1.35 2005/05/27 17:45:56 millert Exp $
.\"
.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -37,7 +37,7 @@
.Nm mkdtemp
.Nd make temporary file name (unique)
.Sh SYNOPSIS
-.Fd #include <unistd.h>
+.Fd #include <stdlib.h>
.Ft char *
.Fn mktemp "char *template"
.Ft int
@@ -49,23 +49,22 @@
.Sh DESCRIPTION
The
.Fn mktemp
-function takes the given file name template and overwrites a portion of it
-to create a file name.
+family of functions take the given file name template and overwrite
+a portion of it to create a new file name.
This file name is unique and suitable for use by the application.
The template may be any file name with some number of
.So Li X
.Sc Ns s
appended
to it, for example
-.Pa /tmp/temp.XXXX .
+.Pa /tmp/temp.XXXXXX .
The trailing
.So Li X
.Sc Ns s
are replaced with the current process number and/or a
unique letter combination.
-The number of unique file names
-.Fn mktemp
-can return depends on the number of
+The number of unique file names that
+can be returned depends on the number of
.So Li X
.Sc Ns s
provided; six
@@ -81,6 +80,23 @@ At least 6
should be used, though 10 is much better.
.Pp
The
+.Fn mktemp
+function generates a temporary file name based on a template as
+described above.
+Because
+.Fn mktemp
+does not actually create the temporary file there is a window of
+opportunity during which another process can open the file instead.
+Because of this race condition the
+.Fn mktemp
+should not be used in new code.
+.Fn mktemp
+was marked as a legacy interface in
+.St -p1003.1-2001
+and may be removed in a future release of
+.Ox .
+.Pp
+The
.Fn mkstemp
function makes the same replacement to the template and creates the template
file, mode 0600, returning a file descriptor opened for reading and writing.
@@ -162,7 +178,7 @@ code which calls
.Xr open 2
or
.Xr fopen 3
-on that filename will occur much later.
+on that file name will occur much later.
(In almost all cases, the use of
.Xr fopen 3
will mean that the flags
@@ -204,7 +220,7 @@ functions may set
to one of the following values:
.Bl -tag -width Er
.It Bq Er ENOTDIR
-The pathname portion of the template is not an existing directory.
+The path name portion of the template is not an existing directory.
.El
.Pp
The
@@ -288,7 +304,7 @@ device) that the attacker has created in the expected file location.
Hence
.Fn mkstemp
is recommended, since it atomically creates the file.
-An attacker can guess the filenames produced by
+An attacker can guess the file names produced by
.Fn mktemp .
Whenever it is possible,
.Fn mkstemp