]> git.saurik.com Git - apple/libc.git/blob - stdio/mktemp.3
projects / apple / libc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Libc-498.1.5.tar.gz
[apple/libc.git] / stdio / mktemp.3
1 .\" Copyright (c) 1989, 1991, 1993
2 .\" The Regents of the University of California. All rights reserved.
3 .\"
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
6 .\" are met:
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
12 .\" 3. All advertising materials mentioning features or use of this software
13 .\" must display the following acknowledgement:
14 .\" This product includes software developed by the University of
15 .\" California, Berkeley and its contributors.
16 .\" 4. Neither the name of the University nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
19 .\"
20 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" SUCH DAMAGE.
31 .\"
32 .\" @(#)mktemp.3 8.1 (Berkeley) 6/4/93
33 .\" $FreeBSD: src/lib/libc/stdio/mktemp.3,v 1.20 2004/02/20 04:08:28 green Exp $
34 .\"
35 .Dd February 11, 1998
36 .Dt MKTEMP 3
37 .Os
38 .Sh NAME
39 .Nm mkdtemp ,
40 .Nm mkstemp ,
41 .Nm mktemp ,
42 .Nm mktemps
43 .Nd make temporary file name (unique)
44 .Sh LIBRARY
45 .Lb libc
46 .Sh SYNOPSIS
47 .In unistd.h
48 .Ft char *
49 .Fo mkdtemp
50 .Fa "char *template"
51 .Fc
52 .Ft int
53 .Fo mkstemps
54 .Fa "char *template"
55 .Fa "int suffixlen"
56 .Fc
57 .In stdlib.h
58 .Ft int
59 .Fo mkstemp
60 .Fa "char *template"
61 .Fc
62 .Ft char *
63 .Fo mktemp
64 .Fa "char *template"
65 .Fc
66 .Sh DESCRIPTION
67 The
68 .Fn mktemp
69 function
70 takes the given file name template and overwrites a portion of it
71 to create a file name.
72 This file name is guaranteed not to exist at the time of function invocation
73 and is suitable for use
74 by the application.
75 The template may be any file name with some number of
76 .Ql X Ns s
77 appended
78 to it, for example
79 .Pa /tmp/temp.XXXXXX .
80 The trailing
81 .Ql X Ns s
82 are replaced with a
83 unique alphanumeric combination.
84 The number of unique file names
85 .Fn mktemp
86 can return depends on the number of
87 .Ql X Ns s
88 provided; six
89 .Ql X Ns s
90 will
91 result in
92 .Fn mktemp
93 selecting one of 56800235584 (62 ** 6) possible temporary file names.
94 .Pp
95 The
96 .Fn mkstemp
97 function
98 makes the same replacement to the template and creates the template file,
99 mode 0600, returning a file descriptor opened for reading and writing.
100 This avoids the race between testing for a file's existence and opening it
101 for use.
102 .Pp
103 The
104 .Fn mkstemps
105 function acts the same as
106 .Fn mkstemp ,
107 except it permits a suffix to exist in the template.
108 The template should be of the form
109 .Pa /tmp/tmpXXXXXXsuffix .
110 The
111 .Fn mkstemps
112 function
113 is told the length of the suffix string.
114 .Pp
115 The
116 .Fn mkdtemp
117 function makes the same replacement to the template as in
118 .Fn mktemp
119 and creates the template directory, mode 0700.
120 .Sh RETURN VALUES
121 The
122 .Fn mktemp
123 and
124 .Fn mkdtemp
125 functions return a pointer to the template on success and
126 .Dv NULL
127 on failure.
128 The
129 .Fn mkstemp
130 and
131 .Fn mkstemps
132 functions
133 return \-1 if no suitable file could be created.
134 If either call fails an error code is placed in the global variable
135 .Va errno .
136 .Sh ERRORS
137 The
138 .Fn mkstemp ,
139 .Fn mkstemps
140 and
141 .Fn mkdtemp
142 functions
143 may set
144 .Va errno
145 to one of the following values:
146 .Bl -tag -width Er
147 .It Bq Er ENOTDIR
148 The pathname portion of the template is not an existing directory.
149 .El
150 .Pp
151 The
152 .Fn mkstemp ,
153 .Fn mkstemps ,
154 and
155 .Fn mkdtemp
156 functions
157 may also set
158 .Va errno
159 to any value specified by the
160 .Xr stat 2
161 function.
162 .Pp
163 The
164 .Fn mkstemp
165 and
166 .Fn mkstemps
167 functions
168 may also set
169 .Va errno
170 to any value specified by the
171 .Xr open 2
172 function.
173 .Pp
174 The
175 .Fn mkdtemp
176 function
177 may also set
178 .Va errno
179 to any value specified by the
180 .Xr mkdir 2
181 function.
182 .Sh NOTES
183 A common problem that results in a core dump is that the programmer
184 passes in a read-only string to
185 .Fn mktemp ,
186 .Fn mkstemp ,
187 .Fn mkstemps ,
188 or
189 .Fn mkdtemp .
190 This is common with programs that were developed before
191 .St -isoC
192 compilers were common.
193 For example, calling
194 .Fn mkstemp
195 with an argument of
196 .Qq /tmp/tempfile.XXXXXX
197 will result in a core dump due to
198 .Fn mkstemp
199 attempting to modify the string constant that was given.
200 If the program in question makes heavy use of that type
201 of function call, you do have the option of compiling the program
202 so that it will store string constants in a writable segment of memory.
203 See
204 .Xr gcc 1
205 for more information.
206 .Sh BUGS
207 This family of functions produces filenames which can be guessed,
208 though the risk is minimized when large numbers of
209 .Ql X Ns s
210 are used to
211 increase the number of possible temporary filenames.
212 This makes the race in
213 .Fn mktemp ,
214 between testing for a file's existence (in the
215 .Fn mktemp
216 function call)
217 and opening it for use
218 (later in the user application)
219 particularly dangerous from a security perspective.
220 Whenever it is possible,
221 .Fn mkstemp
222 should be used instead, since it does not have the race condition.
223 If
224 .Fn mkstemp
225 cannot be used, the filename created by
226 .Fn mktemp
227 should be created using the
228 .Dv O_EXCL
229 flag to
230 .Xr open 2
231 and the return status of the call should be tested for failure.
232 This will ensure that the program does not continue blindly
233 in the event that an attacker has already created the file
234 with the intention of manipulating or reading its contents.
235 .Pp
236 The implementation of these functions calls
237 .Xr arc4random 3 ,
238 which is not reentrant.
239 You must provide your own locking around this and other consumers of the
240 .Xr arc4random 3
241 API.
242 .Sh LEGACY SYNOPSIS
243 .Fd #include <unistd.h>
244 .Pp
245 The include file
246 .In unistd.h
247 is necessary and sufficient for all functions.
248 .Sh SEE ALSO
249 .Xr chmod 2 ,
250 .Xr getpid 2 ,
251 .Xr mkdir 2 ,
252 .Xr open 2 ,
253 .Xr stat 2 ,
254 .Xr compat 5
255 .Sh HISTORY
256 A
257 .Fn mktemp
258 function appeared in
259 .At v7 .
260 The
261 .Fn mkstemp
262 function appeared in
263 .Bx 4.4 .
264 The
265 .Fn mkdtemp
266 function first appeared in
267 .Ox 2.2 ,
268 and later in
269 .Fx 3.2 .
270 The
271 .Fn mkstemps
272 function first appeared in
273 .Ox 2.4 ,
274 and later in
275 .Fx 3.4 .
mirror of libc