lucas wrote:
when i compile programs i download for linux, i get this warning and i can't
finish the compile:
warning: the use of `tmpnam' is dangerous, better use `mkstemp'
is there away around this? or do i have to modify the source to use mkstemp?
"Is there a way around this?" Well, if "this" is the
shortcomings of tmpname(), then no: if you use tmpnam(), you
accept its problems. Some of those problems are:
- Race conditions: tmpnam() generates a file name that is
not in use at the moment of the call, but there's no
guarantee that some other program might not create such
a file two nanoseconds later, before you get a chance
to use the name tmpnam() built for you.
- Security holes: It's at least conceivable that the race
condition mentioned above could be exploited as part of
a penetration of privilege barriers.
- Disk pollution: When you create a file using the name
tmpnam() gave you, you must remember to remove() it when
you're through (assuming you want it to be temporary).
If your program crashes or is stopped by ^C or some such
and you don't remove() the file, it will hang around on
the disk and take up space. This could become troublesome,
especially if the "temporary" files tend to be large.
What to do instead? The Standard C library provides the
tmpfile() function, which solves or at least addresses most of
these problems. As for mkstemp() -- well, it's not part of
Standard C; try a newsgroup like comp.unix.programmer if you
need help with it.
--
Er*********@sun.com