TMPFILE(3)                OpenBSD Programmer's Manual               TMPFILE(3)


     tempnam, tmpfile, tmpnam - temporary file routines


     #include <stdio.h>

     FILE *

     char *
     tmpnam(char *str);

     char *
     tempnam(const char *tmpdir, const char *prefix);


     The tmpfile() function returns a pointer to a stream associated with a
     file descriptor returned by the routine mkstemp(3).  The created file is
     unlinked before tmpfile() returns, causing the file to be automatically
     deleted when the last reference to it is closed.  Since mkstemp(3)
     creates the file with mode S_IRUSR | S_IWUSR, after the unlink, fchown(2)
     and umask(2) are used to set the file mode to the expected value.  The
     file is opened with the access value `w+'.

     The tmpnam() function returns a pointer to a file name, in the P_tmpdir
     directory, which did not reference an existing file at some indeterminate
     point in the past.  P_tmpdir is defined in the include file <stdio.h>.
     If the argument str is non-null, the file name is copied to the buffer it
     references.  Otherwise, the file name is copied to a static buffer.  In
     either case, tmpnam() returns a pointer to the file name.

     The buffer referenced by str is expected to be at least L_tmpnam bytes in
     length.  L_tmpnam is defined in the include file <stdio.h>.

     The tempnam() function is similar to tmpnam(), but provides the ability
     to specify the directory which will contain the temporary file and the
     file name prefix.

     The environment variable TMPDIR (if set), the argument tmpdir (if non-
     null), the directory P_tmpdir, and the directory /tmp are tried, in the
     listed order, as directories in which to store the temporary file.

     The argument prefix, if non-null, is used to specify a file name prefix,
     which will be the first part of the created file name.  tempnam()
     allocates memory in which to store the file name; the returned pointer
     may be used as a subsequent argument to free(3).


     The tmpfile() function returns a pointer to an open file stream on
     success, and a null pointer on error.

     The tmpnam() and tempnam() functions return a pointer to a file name on
     success, and a null pointer on error.


     TMPDIR  [tempnam() only] If set, the directory in which the temporary
             file is stored.  TMPDIR is ignored for processes for which
             issetugid(2) is true.


     The tmpfile() function may fail and set the global variable errno for any
     of the errors specified for the library functions fdopen(3) or

     The tmpnam() function may fail and set errno for any of the errors
     specified for the library function mktemp(3).

     The tempnam() function may fail and set errno for any of the errors
     specified for the library functions malloc(3) or mktemp(3).


     issetugid(2), mkstemp(3), mktemp(3)


     The tmpfile() and tmpnam() functions conform to ANSI X3.159-1989
     (``ANSI C89'').


     tmpnam() and tempnam() are provided for System V and ANSI compatibility
     only.  These interfaces are typically not used in safe ways.  The
     mkstemp(3) interface is strongly preferred.

     There are four important problems with these interfaces (as well as with
     the historic mktemp(3) interface).  First, there is an obvious race
     between file name selection and file creation and deletion: the program
     is typically written to call tmpnam(), tempnam(), or mktemp(3).
     Subsequently, the program calls open(2) or fopen(3) and erroneously opens
     a file (or symbolic link, or FIFO or other device) that the attacker has
     placed in the expected file location.  Hence mkstemp(3) is recommended,
     since it atomically creates the file.

     Second, most historic implementations provide only a limited number of
     possible temporary file names (usually 26) before file names will start
     being recycled.  Third, the System V implementations of these functions
     (and of mktemp(3)) use the access(2) function to determine whether or not
     the temporary file may be created.  This has obvious ramifications for
     daemons or setuid/setgid programs, complicating the portable use of these
     interfaces in such programs.  Finally, there is no specification of the
     permissions with which the temporary files are created.

     This implementation does not have these flaws, but portable software
     cannot depend on that.

     For these reasons, ld(1) will output a warning message whenever it links
     code that uses the functions tmpnam() or tempnam().

OpenBSD 5.4                      June 5, 2013                      OpenBSD 5.4

[Unix Hosting | Open-Source | Contact Us]
[Engineering & Automation | Software Development | Server Applications]