Re: mkstemp

From: Eric Blake
Subject: Re: mkstemp
Date: Wed, 27 Apr 2011 07:00:48 -0600

On 04/27/2011 04:05 AM, Reuben Thomas wrote:
> On 27 April 2011 03:24, Bruno Haible <address@hidden> wrote:
>>> Does setting a 0600 umask (as glibc does) sound like a good thing to
>>> add to the mkstemp-safer functions?

Setting umask() is bad for other reasons - it is global state, and
should not be done in multi-threaded applications.  Doing chmod() after
the fact is too late.  So yes, I think it would be nice to enhance the
mkstemp module to detect implementations that do not use 0600 as the
third argument to the open() used under the hood by mkstemp(), and
replace mkstemp() on those platforms as well, which would then give us
GNU semantics on all platforms, as a relatively easy guarantee.  The
hardest part now is writing the m4 test to detect platforms whose
mkstemp is insecure.

> However, this suggests that the gnulib documentation for mkstemp
> should direct the programmer to clean-temp, something like:
> "If you are creating temporary files which will later be removed, consider
> using the clean-temp module, which avoids several pitfalls of using mkstemp
> directly."

I could also live with that in the mkstemp.c file.  Would you care to
help write the patch?

Eric Blake   address@hidden    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
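
The check described in the message above, detecting a mkstemp() that does not pass 0600 to open(), can be sketched as a small run-time probe. This is an added example, not part of the original message and not gnulib's own m4 test; the helper name `mkstemp_mode_check` and the template file name are hypothetical, and the probe assumes it runs single-threaded so that briefly clearing the umask is safe.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose mkstemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not gnulib code): returns 0 if mkstemp() created the
   file without group/other permission bits, 1 if such bits are set, and -1
   on error. The observed permission bits are stored in *mode_out. */
int mkstemp_mode_check(const char *dir, mode_t *mode_out)
{
    char path[4096];
    struct stat st;
    int result = -1;

    int n = snprintf(path, sizeof path, "%s/mkstemp-check-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;

    /* With the umask cleared, the file mode equals the third argument that
       mkstemp() passed to open(). umask() is process-global state, so this
       is only acceptable in a single-threaded probe, never in a library. */
    mode_t old_mask = umask(0);
    int fd = mkstemp(path);
    umask(old_mask);
    if (fd < 0)
        return -1;

    /* Inspect the descriptor rather than the path, so the check cannot be
       redirected to a different file. */
    if (fstat(fd, &st) == 0) {
        if (mode_out)
            *mode_out = st.st_mode & 07777;
        result = (st.st_mode & 0077) ? 1 : 0;
    }
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const char *dir = getenv("TMPDIR");
    mode_t mode = 0;
    int r = mkstemp_mode_check(dir && *dir ? dir : "/tmp", &mode);
    if (r < 0) { perror("mkstemp_mode_check"); return 2; }
    printf("mkstemp mode %04o: %s\n", (unsigned)mode,
           r ? "group/other bits set, replacement needed" : "0600 semantics");
    return r;
}
```

The exit status (0 for 0600 semantics, 1 for a permissive mode) is the shape a configure-time run test would consume.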
