New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GCC issues warning: the use of 'tmpnam' is dangerous, better use 'mkstemp' #137

Closed
1100110 opened this Issue Nov 26, 2012 · 2 comments

Comments

Projects
None yet
3 participants
@1100110
Contributor

1100110 commented Nov 26, 2012

.../vibe.d/bin/../source/vibe/core/file.d:43: warning: the use of tmpnam' is dangerous, better usemkstemp'

I have no idea whether or not this is something that should be changed, so I thought I'd point it out as I never saw this warning before.

@1100110

This comment has been minimized.

Show comment
Hide comment
@1100110

1100110 Nov 26, 2012

Contributor

https://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html has this to say:

Warning: Between the time the pathname is constructed and the file is created another process might have created a file with the same name using tmpnam, leading to a possible security hole. The implementation generates names which can hardly be predicted, but when opening the file you should use the O_EXCL flag. Using tmpfile or mkstemp is a safe way to avoid this problem.

Contributor

1100110 commented Nov 26, 2012

https://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html has this to say:

Warning: Between the time the pathname is constructed and the file is created another process might have created a file with the same name using tmpnam, leading to a possible security hole. The implementation generates names which can hardly be predicted, but when opening the file you should use the O_EXCL flag. Using tmpfile or mkstemp is a safe way to avoid this problem.

@ghost ghost assigned s-ludwig Jan 13, 2013

@Abscissa

This comment has been minimized.

Show comment
Hide comment
@Abscissa

Abscissa Feb 5, 2013

I get the same warning on Linux using DMD.

Abscissa commented Feb 5, 2013

I get the same warning on Linux using DMD.

s-ludwig added a commit that referenced this issue Feb 9, 2013

Using mkstemps() on Posix to generate a temporary file handle instead…
… of tmpnam(). Fixes issue #137.

This is checked in from a Windows box, so still needs actual testing.

@s-ludwig s-ludwig closed this Feb 17, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment