问题描述

这两个操作创建一个空文件，并返回文件名，但mkstemp叶文件以独占方式打开，让您的句柄。是否有一个安全效益的C函数？这是否意味着，没有在命令行版本的安全漏洞？

Both operations create an empty file and return the filename but mkstemp leaves the file open in exclusive mode and gives you the handle. Is there a safety benefit to the C-function? Does this imply that there is a safety hole in the command-line version?

顺便说一句，有趣的是，有在Linux C API的一些相关的功能，其中大部分的说：不要使用这个功能（或类似）在他们的手册页。

As an aside, it is interesting that there are several related functions in the C api on Linux and most of them say "Don't use this function" (or similar) in their man page.

推荐答案

你可以很容易地从 mktemp的（1）源$ C ​​$ C看到的，它基本上是什么都不做但调用 mkstemp（3）。

As you can easily see from mktemp(1) source code, it essentially does nothing but calling mkstemp(3).

在Linux中独占模式意味着函数将失败，如果该文件已经存在，它不能保证锁定。其他进程可以删除此文件，重新创建并用数据填充它，尽管文件句柄是开放式（3）你的过程。

Exclusive mode in Linux means that function will fail if the file already exists, it does not guarantee locking. Other process can delete this file, create it again and fill it with data, despite the file handle being open(3) by your process.

有在C函数没有额外的安全性相比，命令行工具。

There is no additional safety in C function compared to command line utility.

这篇关于在Linux，是命令行程序mktemp的比C函数mkstemp更不安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！