Secure Coding mailing list archives
temporary directories
From: rcs at cert.org (Robert C. Seacord)
Date: Wed, 03 Jan 2007 09:33:43 -1000
David, Thanks for the explanation of mkdtemp(). I got confused reading the man page because I wasn't expecting the function to return char *, but I guess that makes sense.
I wish that the C standard body would update the C library and add an "exclusive create" capability for fopen(), so that languages that build on fopen() can do so.
Have you looked at TR 24731-1? The latest revision is n119 at http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1199.pdf Section 6.5.2.1 defines the fopen_s function. I am planning on submitting a DR against this TR to add an exclusive create capability. There are also some new tmpfile_s() and tmpnam_s() functions although I have some issues with these as well.
This doesn't work on at least old versions of NFS reliably, unfortunately. I believe that's been fixed, but I have not verified that.
I also believe that it was fixed (in Version 3). rCs
Current thread:
- temporary directories Wietse Venema (Jan 02)
- <Possible follow-ups>
- temporary directories David A. Wheeler (Jan 03)
- temporary directories Robert C. Seacord (Jan 03)