[cfe-dev] question about mktemp security warning
Nuno Lopes
nunoplopes at sapo.pt
Wed Mar 24 16:24:49 PDT 2010
The problem with mktemp is a possible race condition.
Imagine that 2 programs call mktemp(). It may happen that they both get the
same file name (because they didn't create the file yet), and in the end
each program will have a filename that is not unique.
Nuno
----- Original Message -----
>
> I see a security warning in the analyzer that saids that using mktemp is
> always wrong.
> I though using mktemp + open(path, O_CREAT | O_EXCL) was safe.
>
> Did I miss something, or is the analyzer a little too much strict about
> this function ?
>
> I known that mkstemp should be preferred, but some API (like SQLite)
> provide only an "open" like function, and no "fdopen" like function, so
> mkstemp is useless in these case.
>
> -- Jean-Daniel
More information about the cfe-dev
mailing list