path: root/manual/filesys.texi
Diffstat (limited to 'manual/filesys.texi')
-rw-r--r--manual/filesys.texi14
1 files changed, 14 insertions, 0 deletions
diff --git a/manual/filesys.texi b/manual/filesys.texi
index c3ab7c562a..4ae13dc8dd 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -2345,6 +2345,13 @@ It is possible for @code{tmpnam} to fail if you call it too many times
 without removing previously created files.  This is because the fixed
 length of a temporary file name gives room for only a finite number of
 different names.  If @code{tmpnam} fails, it returns a null pointer.
+
+@strong{Warning:} Since between the time the pathname is constructed and
+the file is created another process might have created a file with this
+name using @code{tmpnam} is a possible security hole.  The
+implementation generates names which hardly can be predicted but opening
+the file in any case should use the @code{O_EXCL} flag.  Using
+@code{tmpfile} is a safe way to avoid this problem.
 @end deftypefun
 
 @comment stdio.h
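Review bot: The added warning sentence is ungrammatical and its subject gets lost ("Since between the time ... another process might have created a file with this name using @code{tmpnam} is a possible security hole"); restructure it so the cause and the conclusion are separate clauses, for example "Since another process might create a file with this name between the time the pathname is constructed and the file is created, using @code{tmpnam} is a possible security hole." Also change "which hardly can be predicted" to "which can hardly be predicted", and state the open flags precisely: the race is only closed when the file is created with @code{O_CREAT} together with @code{O_EXCL} (so that @code{open} fails if the name already exists), not with @code{O_EXCL} alone. The closing recommendation to use @code{tmpfile} is the right advice, but it would help the reader to say why it is safe: @code{tmpfile} creates the file itself rather than returning a name for the caller to open later.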
@@ -2445,6 +2452,13 @@ The @code{mktemp} function generates a unique file name by modifying
 name, it makes @var{template} an empty string and returns that.  If
 @var{template} does not end with @samp{XXXXXX}, @code{mktemp} returns a
 null pointer.
+
+@strong{Warning:} Since between the time the pathname is constructed and
+the file is created another process might have created a file with this
+name using @code{mktemp} is a possible security hole.  The
+implementation generates names which hardly can be predicted but opening
+the file in any case should use the @code{O_EXCL} flag.  Using
+@code{mkstemp} is a safe way to avoid this problem.
 @end deftypefun
 
 @comment unistd.h
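Review bot: This hunk repeats the same wording problems as the @code{tmpnam} warning above (the run-on "Since between the time ... is a possible security hole" and "hardly can be predicted"), and since the two paragraphs are otherwise identical, they should be fixed the same way, or the second one could simply cross-reference the first to avoid keeping two copies of the text in sync. The advice to use @code{O_EXCL} should again read @code{O_CREAT} and @code{O_EXCL} together, and it is worth noting that the recommended replacement @code{mkstemp} does exactly that: it creates and opens the file itself and returns a descriptor, so there is no window between name generation and creation for another process to exploit.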