问题描述
我得到这个警告说,tmpnam是危险的,但我宁愿使用它,因为它可以在Windows和Linux中使用。我想知道为什么它会被认为是危险的(我猜这是因为潜在的滥用,而不是它实际上不能正常工作)。
I get this warning saying that tmpnam is dangerous, but I would prefer to use it, since it can be used as is in Windows as well as Linux. I was wondering why it would be considered dangerous (I'm guessing it's because of the potential for misuse rather than it actually not working properly).
推荐答案
从tmpnam手册页:
From tmpnam manpage :
虽然tmpnam()生成难以猜测的名称,但是可能的是, tmpnam()返回一个路径名和程序打开它的时间,另一个程序可能使用open(2)创建该路径名,或者创建它作为一个符号链接。这可能导致安全漏洞。为了避免这种可能性,请使用open(2)O_EXCL标志打开路径名。或者更好的是,使用mkstemp(3)或tmpfile(3)。
Although tmpnam() generates names that are difficult to guess, it is nevertheless possible that between the time that tmpnam() returns a pathname, and the time that the program opens it, another program might create that pathname using open(2), or create it as a symbolic link. This can lead to security holes. To avoid such possibilities, use the open(2) O_EXCL flag to open the pathname. Or better yet, use mkstemp(3) or tmpfile(3).
Mktemp真正创建文件, ,而tmpnam返回一个名称,可能已经存在。
Mktemp really create the file, so you are assured it works, whereas tmpnam returns a name, possibly already existing.
这篇关于tmpnam警告说它是危险的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!