在Linux上,命令行程序mktemp比C函数mkstemp安全吗? [英] On Linux, is the command-line program mktemp less safe than the C-function mkstemp?
问题描述
这两个操作都创建一个空文件并返回文件名,但mkstemp使文件以独占模式打开并给出句柄。 C函数有安全好处吗?这是否意味着在命令行版本中有一个安全漏洞?
Both operations create an empty file and return the filename but mkstemp leaves the file open in exclusive mode and gives you the handle. Is there a safety benefit to the C-function? Does this imply that there is a safety hole in the command-line version?
另外,有趣的是,Linux上的C api有几个相关的功能并且大多数人在其手册页面中说不要使用此功能(或类似)。
As an aside, it is interesting that there are several related functions in the C api on Linux and most of them say "Don't use this function" (or similar) in their man page.
推荐答案
很容易从 mktemp(1)看到源代码,它本质上只调用 mkstemp(3)。
As you can easily see from mktemp(1) source code, it essentially does nothing but calling mkstemp(3).
Linux中的独占模式意味着如果文件已经存在,函数将失败,它不保证锁定。其他进程可以删除此文件,再次创建它并填充数据,尽管文件句柄打开(3)由您的进程。
Exclusive mode in Linux means that function will fail if the file already exists, it does not guarantee locking. Other process can delete this file, create it again and fill it with data, despite the file handle being open(3) by your process.
与命令行实用程序相比,C函数没有额外的安全性。
There is no additional safety in C function compared to command line utility.
这篇关于在Linux上,命令行程序mktemp比C函数mkstemp安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
