tmpnam.3 diff - stdio/tmpnam.3 - Libc source code Libc-498

stdio/tmpnam.3 Libc-498 ⇄ Libc-262
--- Libc/Libc-498/stdio/tmpnam.3
+++ Libc/Libc-262/stdio/tmpnam.3
@@ -34,7 +34,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)tmpnam.3	8.2 (Berkeley) 11/17/93
-.\" $FreeBSD: src/lib/libc/stdio/tmpnam.3,v 1.16 2004/06/21 19:38:25 mpp Exp $
+.\" $FreeBSD: src/lib/libc/stdio/tmpnam.3,v 1.10 2001/10/01 16:08:59 ru Exp $
 .\"
 .Dd November 17, 1993
 .Dt TMPFILE 3
@@ -49,18 +49,11 @@
 .Sh SYNOPSIS
 .In stdio.h
 .Ft FILE *
-.Fo tmpfile
-.Fa void
-.Fc
+.Fn tmpfile void
 .Ft char *
-.Fo tmpnam
-.Fa "char *s"
-.Fc
+.Fn tmpnam "char *str"
 .Ft char *
-.Fo tempnam
-.Fa "const char *dir"
-.Fa "const char *pfx"
-.Fc
+.Fn tempnam "const char *tmpdir" "const char *prefix"
 .Sh DESCRIPTION
 The
 .Fn tmpfile
@@ -74,13 +67,12 @@
 reference to it is closed.
 The file is opened with the access value
 .Ql w+ .
-If the environment variable
+The file is created in the directory determined by the environment variable
 .Ev TMPDIR
-is defined,
-the file is created in the specified directory.
-The default location, if
+if set.
+The default location if
 .Ev TMPDIR
-is not set, is
+is not set is
 .Pa /tmp .
 .Pp
 The
@@ -93,9 +85,9 @@
 past.
 .Dv P_tmpdir
 is defined in the include file
-.In stdio.h .
+.Aq Pa stdio.h .
 If the argument
-.Fa s
+.Fa str
 is
 .Pf non- Dv NULL ,
 the file name is copied to the buffer it references.
@@ -105,13 +97,13 @@
 returns a pointer to the file name.
 .Pp
 The buffer referenced by
-.Fa s
+.Fa str
 is expected to be at least
 .Dv L_tmpnam
 bytes in length.
 .Dv L_tmpnam
 is defined in the include file
-.In stdio.h .
+.Aq Pa stdio.h .
 .Pp
 The
 .Fn tempnam
@@ -124,7 +116,7 @@
 The environment variable
 .Ev TMPDIR
 (if set), the argument
-.Fa dir
+.Fa tmpdir
 (if
 .Pf non- Dv NULL ) ,
 the directory
@@ -135,14 +127,12 @@
 temporary file.
 .Pp
 The argument
-.Fa pfx ,
+.Fa prefix ,
 if
 .Pf non- Dv NULL ,
 is used to specify a file name prefix, which will be the
 first part of the created file name.
-The
-.Fn tempnam
-function
+.Fn Tempnam
 allocates memory in which to store the file name; the returned pointer
 may be used as a subsequent argument to
 .Xr free 3 .
@@ -192,48 +182,6 @@
 .Xr malloc 3
 or
 .Xr mktemp 3 .
-.Sh SECURITY CONSIDERATIONS
-The
-.Fn tmpnam
-and
-.Fn tempnam
-functions are susceptible to a race condition
-occurring between the selection of the file name
-and the creation of the file,
-which allows malicious users
-to potentially overwrite arbitrary files in the system,
-depending on the level of privilege of the running program.
-Additionally, there is no means by which
-file permissions may be specified.
-It is strongly suggested that
-.Xr mkstemp 3
-be used in place of these functions.
-(See
-the FSA.)
-.Sh COMPATIBILITY
-These interfaces are provided from System V and
-.Tn ANSI
-compatibility only.
-.Pp
-Most historic implementations of these functions provide
-only a limited number of possible temporary file names
-(usually 26)
-before file names will start being recycled.
-System V implementations of these functions
-(and of
-.Xr mktemp 3 )
-use the
-.Xr access 2
-system call to determine whether or not the temporary file
-may be created.
-This has obvious ramifications for setuid or setgid programs,
-complicating the portable use of these interfaces in such programs.
-.Pp
-The
-.Fn tmpfile
-interface should not be used in software expected to be used on other systems
-if there is any possibility that the user does not wish the temporary file to
-be publicly readable and writable.
 .Sh SEE ALSO
 .Xr mkstemp 3 ,
 .Xr mktemp 3
@@ -245,3 +193,37 @@
 functions
 conform to
 .St -isoC .
+.Sh BUGS
+These interfaces are provided for System V and
+.Tn ANSI
+compatibility only.
+The
+.Xr mkstemp 3
+interface is strongly preferred.
+.Pp
+There are four important problems with these interfaces (as well as
+with the historic
+.Xr mktemp 3
+interface).
+First, there is an obvious race between file name selection and file
+creation and deletion.
+Second, most historic implementations provide only a limited number
+of possible temporary file names (usually 26) before file names will
+start being recycled.
+Third, the System V implementations of these functions (and of
+.Xr mktemp 3 )
+use the
+.Xr access 2
+function to determine whether or not the temporary file may be created.
+This has obvious ramifications for setuid or setgid programs, complicating
+the portable use of these interfaces in such programs.
+Finally, there is no specification of the permissions with which the
+temporary files are created.
+.Pp
+This implementation does not have these flaws, but portable software
+cannot depend on that.
+In particular, the
+.Fn tmpfile
+interface should not be used in software expected to be used on other systems
+if there is any possibility that the user does not wish the temporary file to
+be publicly readable and writable.