maxim 47a8f834c2 o Add ENVIRONMENT section and mention there that TMPDIR is ignored
when issetugid(3) is true.

PR:		docs/108346
Obtained from:	OpenBSD
MFC after:	1 week
2007-03-16 21:46:24 +00:00

249 lines
6.1 KiB
Groff

.\" Copyright (c) 1988, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" the American National Standards Committee X3, on Information
.\" Processing Systems.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)tmpnam.3 8.2 (Berkeley) 11/17/93
.\" $FreeBSD$
.\"
.Dd March 18, 2007
.Dt TMPFILE 3
.Os
.Sh NAME
.Nm tempnam ,
.Nm tmpfile ,
.Nm tmpnam
.Nd temporary file routines
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In stdio.h
.Ft FILE *
.Fn tmpfile void
.Ft char *
.Fn tmpnam "char *str"
.Ft char *
.Fn tempnam "const char *tmpdir" "const char *prefix"
.Sh DESCRIPTION
The
.Fn tmpfile
function
returns a pointer to a stream associated with a file descriptor returned
by the routine
.Xr mkstemp 3 .
The created file is unlinked before
.Fn tmpfile
returns, causing the file to be automatically deleted when the last
reference to it is closed.
The file is opened with the access value
.Ql w+ .
The file is created in the directory determined by the environment variable
.Ev TMPDIR
if set.
The default location if
.Ev TMPDIR
is not set is
.Pa /tmp .
.Pp
The
.Fn tmpnam
function
returns a pointer to a file name, in the
.Dv P_tmpdir
directory, which
did not reference an existing file at some indeterminate point in the
past.
.Dv P_tmpdir
is defined in the include file
.In stdio.h .
If the argument
.Fa str
is
.Pf non- Dv NULL ,
the file name is copied to the buffer it references.
Otherwise, the file name is copied to a static buffer.
In either case,
.Fn tmpnam
returns a pointer to the file name.
.Pp
The buffer referenced by
.Fa str
is expected to be at least
.Dv L_tmpnam
bytes in length.
.Dv L_tmpnam
is defined in the include file
.In stdio.h .
.Pp
The
.Fn tempnam
function
is similar to
.Fn tmpnam ,
but provides the ability to specify the directory which will
contain the temporary file and the file name prefix.
.Pp
The environment variable
.Ev TMPDIR
(if set), the argument
.Fa tmpdir
(if
.Pf non- Dv NULL ) ,
the directory
.Dv P_tmpdir ,
and the directory
.Pa /tmp
are tried, in the listed order, as directories in which to store the
temporary file.
.Pp
The argument
.Fa prefix ,
if
.Pf non- Dv NULL ,
is used to specify a file name prefix, which will be the
first part of the created file name.
The
.Fn tempnam
function
allocates memory in which to store the file name; the returned pointer
may be used as a subsequent argument to
.Xr free 3 .
.Sh RETURN VALUES
The
.Fn tmpfile
function
returns a pointer to an open file stream on success, and a
.Dv NULL
pointer
on error.
.Pp
The
.Fn tmpnam
and
.Fn tempfile
functions
return a pointer to a file name on success, and a
.Dv NULL
pointer
on error.
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev TMPDIR
.Pf [ Fn tempnam
only]
If set,
the directory in which the temporary file is stored.
.Ev TMPDIR
is ignored for processes
for which
.Xr issetugid 2
is true.
.El
.Sh COMPATIBILITY
These interfaces are provided from System V and
.Tn ANSI
compatibility only.
.Pp
Most historic implementations of these functions provide
only a limited number of possible temporary file names
(usually 26)
before file names will start being recycled.
System V implementations of these functions
(and of
.Xr mktemp 3 )
use the
.Xr access 2
system call to determine whether or not the temporary file
may be created.
This has obvious ramifications for setuid or setgid programs,
complicating the portable use of these interfaces in such programs.
.Pp
The
.Fn tmpfile
interface should not be used in software expected to be used on other systems
if there is any possibility that the user does not wish the temporary file to
be publicly readable and writable.
.Sh ERRORS
The
.Fn tmpfile
function
may fail and set the global variable
.Va errno
for any of the errors specified for the library functions
.Xr fdopen 3
or
.Xr mkstemp 3 .
.Pp
The
.Fn tmpnam
function
may fail and set
.Va errno
for any of the errors specified for the library function
.Xr mktemp 3 .
.Pp
The
.Fn tempnam
function
may fail and set
.Va errno
for any of the errors specified for the library functions
.Xr malloc 3
or
.Xr mktemp 3 .
.Sh SECURITY CONSIDERATIONS
The
.Fn tmpnam
and
.Fn tempnam
functions are susceptible to a race condition
occurring between the selection of the file name
and the creation of the file,
which allows malicious users
to potentially overwrite arbitrary files in the system,
depending on the level of privilege of the running program.
Additionally, there is no means by which
file permissions may be specified.
It is strongly suggested that
.Xr mkstemp 3
be used in place of these functions.
(See
the FSA.)
.Sh SEE ALSO
.Xr mkstemp 3 ,
.Xr mktemp 3
.Sh STANDARDS
The
.Fn tmpfile
and
.Fn tmpnam
functions
conform to
.St -isoC .