[src/trunk]: src/lib/libc/stdio - add description of the race.

[yamt <yamt%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/6e8cd381b898
branches:  trunk
changeset: 535111:6e8cd381b898
user:      yamt <yamt%NetBSD.org@localhost>
date:      Sat Aug 10 16:34:29 2002 +0000

description:
- add description of the race.
- fix typo.
from OpenBSD.

diffstat:

 lib/libc/stdio/tmpnam.3 |  21 +++++++++++++++++----
 1 files changed, 17 insertions(+), 4 deletions(-)

diffs (49 lines):

diff -r 97c901ad51be -r 6e8cd381b898 lib/libc/stdio/tmpnam.3
--- a/lib/libc/stdio/tmpnam.3   Sat Aug 10 16:33:23 2002 +0000
+++ b/lib/libc/stdio/tmpnam.3   Sat Aug 10 16:34:29 2002 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: tmpnam.3,v 1.9 2002/02/07 07:00:27 ross Exp $
+.\"    $NetBSD: tmpnam.3,v 1.10 2002/08/10 16:34:29 yamt Exp $
 .\"
 .\" Copyright (c) 1988, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -37,7 +37,7 @@
 .\"
 .\"     @(#)tmpnam.3   8.2 (Berkeley) 11/17/93
 .\"
-.Dd March 24, 1997
+.Dd August 11, 2002
 .Dt TMPFILE 3
 .Os
 .Sh NAME
@@ -142,7 +142,7 @@
 The
 .Fn tmpnam
 and
-.Fn tempfile
+.Fn tempnam
 functions
 return a pointer to a file name on success, and a
 .Dv NULL
@@ -202,7 +202,20 @@
 .Xr mktemp 3
 interface).
 First, there is an obvious race between file name selection and file
-creation and deletion.
+creation and deletion: the program is typically written to call
+.Fn tmpnam Ns ,
+.Fn tmpname Ns , or
+.Xr mktemp 3 .
+Subsequently, the program calls
+.Xr open 2
+or
+.Xr fopen 3
+and erroneously opens a file (or symbolic link, or fifo or other
+device) that the attacker has placed in the expected file location.
+Hence
+.Xr mkstemp 3
+is recommended, since it atomically creates the file.
+.Pp
 Second, most historic implementations provide only a limited number
 of possible temporary file names (usually 26) before file names will
 start being recycled.