- Subject: tmpnam(e)
- From: Reuben Thomas <rrt@...>
- Date: Sun, 6 May 2001 17:18:37 +0100 (BST)

The Lua manual is rather misleading when it says that tmpname() returns a
file name that can *safely* be used for a temporary file. This is a lie.
tmpname calls ANSI tmpnam(), which should never be used (at least, not in
programs that expect to work properly: it's insecure and unsafe).

Given that there's no ANSI workaround to make tmpnam safe, can I suggest two
solutions:

1. Implement tmpname with tmpnam if there's no other choice, or mkstemp if
it's available. (Hence, tmpname should actually open a file, not just return
a name.) This is not perhaps a good solution for Lua, since it involves
putting in non-ANSI code (even if there's an ANSI alternative) and it still
exposes Lua scripts running on systems without mkstemp to problems.

2. Deprecate tmpname(). Preferably require -DLUA_TMPNAME or somesuch to
compile it in, so that it's not available by default. This forces Lua
programmers either to use a system-specific method (such as mkstemp) that is
known to be safe, or to use some ad-hoc method (e.g. generate their own
random filename), but *at least they know it's ad-hoc*. Eventually, tmpname
can be removed.

At the very least, a warning should be put in the manual, rather than the
current assertion that tmpname is safe.

--
http://sc3d.org/rrt/ | Slow Pedestrian Crossing
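
Added example, not part of the original message and not Lua's own code: the name-then-open pattern that tmpnam() forces, next to the exclusive create that mkstemp() performs on POSIX systems. The function names, the "lua-demo-" prefix and the TMPDIR fallback are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose mkstemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* ANSI-only pattern: a name was picked earlier (as tmpnam() does) and is
 * opened later. fopen("w") accepts and truncates whatever is at that path
 * by then, so a file created in between by someone else is silently used. */
FILE *open_by_name_ansi(const char *name)
{
    return fopen(name, "w");
}

/* The check ANSI C cannot express: create only if the name is still free.
 * Returns an fd, or -1 with errno == EEXIST when the name is already taken. */
int open_by_name_exclusive(const char *name)
{
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* mkstemp() picks the name and creates the file exclusively in one call,
 * so there is no gap between choosing and opening (prefix is illustrative).
 * Returns an open fd (path holds the final name) or -1 on failure. */
int open_temp_safely(char *path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    int n = snprintf(path, len, "%s/lua-demo-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

int main(void)
{
    char path[4096];
    int fd = open_temp_safely(path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s\n", path);
    close(fd);
    return unlink(path) != 0;
}
```

On a system without mkstemp() only the first function is available, which is the exposure the message describes for option 1.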