tmpnam warning saying it is dangerous


Question

I get this warning saying that tmpnam is dangerous, but I would prefer to use it, since it can be used as is in Windows as well as Linux. I was wondering why it would be considered dangerous (I'm guessing it's because of the potential for misuse rather than it actually not working properly).

Recommended answer

From the tmpnam manpage:


The tmpnam() function generates a different string each time it is called, up to TMP_MAX times. If it is called more than TMP_MAX times, the behavior is implementation defined.

Although tmpnam() generates names that are difficult to guess, it is nevertheless possible that between the time that tmpnam() returns a pathname, and the time that the program opens it, another program might create that pathname using open(2), or create it as a symbolic link. This can lead to security holes. To avoid such possibilities, use the open(2) O_EXCL flag to open the pathname. Or better yet, use mkstemp(3) or tmpfile(3).

Mktemp really creates the file, so you are assured it works, whereas tmpnam returns a name, possibly already existing.
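
The two mitigations the manpage names, open(2) with O_EXCL and mkstemp(3), shown against a staged version of the race it describes. This is an added example, not part of the original answer. It is POSIX-only, the helper names are hypothetical, and the symlink is planted by the example itself on a name it has just freed, standing in for a name returned by tmpnam().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Create the file ourselves or fail: with O_CREAT|O_EXCL, open() returns
 * EEXIST if the name already exists, including when it is a symlink. */
int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* mkstemp() picks the name and creates the file in one step. */
int open_mkstemp(char *path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    if (snprintf(path, len, "%s/demo-XXXXXX", dir) >= (int)len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* Constructed race: a name that was free when handed out becomes a symlink
 * before we open it. Returns 1 if the exclusive open refused it. */
int exclusive_open_rejects_planted_symlink(void)
{
    char name[4096], target[4200];
    int fd = open_mkstemp(name, sizeof name);
    if (fd < 0)
        return -1;
    close(fd);
    unlink(name);                       /* the name is free again */
    snprintf(target, sizeof target, "%s.target", name);
    if (symlink(target, name) != 0)     /* another program gets there first */
        return -1;
    fd = open_exclusive(name);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0)
        close(fd);
    int target_missing = (access(target, F_OK) != 0);
    unlink(name);
    unlink(target);
    return refused && target_missing;
}
```

A plain fopen(name, "w") on the same name would follow the symlink and create or truncate whatever it points to, which is the hole the warning is about.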
