The use of tempnam() is racy and it should be avoided in favor of
mkstemp(). According to the Linux tempnam(3) man page.
"Although tempnam() generates names that are difficult to guess,
it is nevertheless possible that between the time that tempnam()
returns a pathname, and the time that the program opens it, another
program might create that pathname using open(2), or create it as
a symbolic link. This can lead to security holes. To avoid such
possibilities, use the open(2) O_EXCL flag to open the pathname.
Or better yet, use mkstemp(3) or tmpfile(3)."
This issue was flagged by gcc.
ztest.o: In function `setup_data_fd': cmd/ztest/ztest.c:5822:
warning: the use of `tempnam' is dangerous, better use `mkstemp'
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
static void
setup_data_fd(void)
{
- char *tmp = tempnam(NULL, NULL);
- ztest_fd_data = open(tmp, O_RDWR | O_CREAT, 0700);
+ static char ztest_name_data[] = "/tmp/ztest.data.XXXXXX";
+
+ ztest_fd_data = mkstemp(ztest_name_data);
ASSERT3S(ztest_fd_data, >=, 0);
- (void) unlink(tmp);
- free(tmp);
+ (void) unlink(ztest_name_data);
}
static int