[Dev-luatex] mkstemp or similar in lua(tex)
Martin Schröder
martin at oneiros.de
Sat Nov 17 20:33:33 CET 2007
2007/11/17, Norbert Preining <preining at logic.at>:
> But are mkdtemp and mkstemp available everywhere we want to compile
> luatex?
>
> The man page of mkdtemp(3) is not very inviting:
> VERSIONS
> Available since glibc 2.1.91.
------------------
HISTORY
A mktemp() function appeared in Version 7 AT&T UNIX. The mkdtemp() func-
tion appeared in OpenBSD 2.2. The mkstemp() function appeared in 4.4BSD.
The mkstemps() function appeared in OpenBSD 2.3.
BUGS
For mktemp() there is an obvious race between file name selection and
file creation and deletion: the program is typically written to call
tmpnam(3), tempnam(3), or mktemp(). Subsequently, the program calls
open(2) or fopen(3) and erroneously opens a file (or symbolic link, FIFO
or other device) that the attacker has created in the expected file loca-
tion. Hence mkstemp() is recommended, since it atomically creates the
file. An attacker can guess the file names produced by mktemp(). When-
ever it is possible, mkstemp() or mkdtemp() should be used instead.
For this reason, ld(1) will output a warning message whenever it links
code that uses mktemp().
The mkdtemp() and mkstemps() functions are non-standard and should not be
used if portability is required.
------------------
Btw: The OpenBSD man pages are available online. :-)
Best
Martin
More information about the dev-luatex
mailing list