Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

tmpnam warning saying it is dangerous

Tags:

c++

temporary-files

I get this warning saying that tmpnam is dangerous, but I would prefer to use it, since it can be used as is in Windows as well as Linux. I was wondering why it would be considered dangerous (I'm guessing it's because of the potential for misuse rather than it actually not working properly).

like image 514
Cenoc Avatar asked Jul 21 '10 13:07

Cenoc

4 Answers

From tmpnam manpage :

The tmpnam() function generates a different string each time it is called, up to TMP_MAX times. If it is called more than TMP_MAX times, the behavior is implementation defined.

Although tmpnam() generates names that are difficult to guess, it is nevertheless possible that between the time that tmpnam() returns a pathname, and the time that the program opens it, another program might create that pathname using open(2), or create it as a symbolic link. This can lead to security holes. To avoid such possibilities, use the open(2) O_EXCL flag to open the pathname. Or better yet, use mkstemp(3) or tmpfile(3).

Mktemp really create the file, so you are assured it works, whereas tmpnam returns a name, possibly already existing.

like image 172
Scharron Avatar answered Nov 07 '22 16:11

Scharron

If you want to use the same symbol on multiple platforms, use a macro to define TMPNAM. As long as you pick more secure functions with the same interface, you'll be able to use it on both. You have conditional compilation somewhere in your code anyway, right?

like image 31
nmichaels Avatar answered Nov 07 '22 18:11

nmichaels

if you speak about the compiler warning of MSVC:

 These functions are deprecated because more secure versions are available;
 see tmpnam_s, _wtmpnam_s.

(http://msdn.microsoft.com/de-de/library/hs3e7355(VS.80).aspx)

otherwise just read what the manpages say about the drawbacks of this function. it is mostly about a 2nd process creating exactly the same file name as your process just did.

like image 1
akira Avatar answered Nov 07 '22 17:11

akira

From the tmpnam(3) manpage:

Although tmpnam() generates names that are difficult to guess, it is nevertheless possible that between the time that tmpnam() returns a pathname, and the time that the program opens it, another program might create that path‐ name using open(2), or create it as a symbolic link. This can lead to security holes. To avoid such possibili‐ ties, use the open(2) O_EXCL flag to open the pathname. Or better yet, use mkstemp(3) or tmpfile(3).

like image 1
janneb Avatar answered Nov 07 '22 18:11

janneb
Sign in to Comment

Related questions

C++ type suffix _t, _type or none
How do I interpret a message payload without violating type aliasing rules?
Function template specialization format
Output Unicode to console Using C++, in Windows
Creating an interface for an abstract class template in C++
Use of typename keyword with template function parameters
Looking for OpenCV tutorial [closed]
C++ vector of arrays
What does "sibling calls" mean?
C++ set: counting elements less than a value
Pointer interconvertibility vs having the same address
How do I wrap a C++ class with Cython?
What is special about the executables compiled with Visual Studio 11 which results in that the executables cannot be executed on Windows XP?
Why aren't static data members allowed in local classes?
Function pointer vs Function reference
C++ unexpected implict conversion
Valgrind Unrecognised instruction
Time complexity of a Priority Queue in C++
Why was getenv standardised but not setenv?
Modifying reference member from const member function in C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!