tmpnam
lucas
finish the compile:
warning: the use of `tmpnam' is dangerous, better use `mkstemp'
is there away around this? or do i have to modify the source to use mkstemp?
regrads,
--
lucas
-------------------------
Perl Coder since 2001
shift || die;
-------------------------
Eric Sosman
lucas wrote:
> when i compile programs i download for linux, i get this warning and i can't
> finish the compile:
> warning: the use of `tmpnam' is dangerous, better use `mkstemp'
>
> is there away around this? or do i have to modify the source to use mkstemp?
"Is there a way around this?" Well, if "this" is the
shortcomings of tmpname(), then no: if you use tmpnam(), you
accept its problems. Some of those problems are:
- Race conditions: tmpnam() generates a file name that is
not in use at the moment of the call, but there's no
guarantee that some other program might not create such
a file two nanoseconds later, before you get a chance
to use the name tmpnam() built for you.
- Security holes: It's at least conceivable that the race
condition mentioned above could be exploited as part of
a penetration of privilege barriers.
- Disk pollution: When you create a file using the name
tmpnam() gave you, you must remember to remove() it when
you're through (assuming you want it to be temporary).
If your program crashes or is stopped by ^C or some such
and you don't remove() the file, it will hang around on
the disk and take up space. This could become troublesome,
especially if the "temporary" files tend to be large.
What to do instead? The Standard C library provides the
tmpfile() function, which solves or at least addresses most of
these problems. As for mkstemp() -- well, it's not part of
Standard C; try a newsgroup like comp.unix.programmer if you
need help with it.
Keith Thompson
> when i compile programs i download for linux, i get this warning and i can't
> finish the compile:
> warning: the use of `tmpnam' is dangerous, better use `mkstemp'
>
> is there away around this? or do i have to modify the source to use mkstemp?
Compilers are allowed to issue warnings whenever they like. There are
several workarounds: ignore the warning, don't use tmpnam, or invoke
the compiler in a way that inhibits the warning. The latter may or
may not be possible (consult the compiler documentation for more
information).
<OT>
Since it's a warning, it won't cause the compilation to fail. There
must be something else causing that. (The standard doesn't
distinguish between warnings and error messages, but gcc does.)
Look at the compiler output for error messages that don't include
the word "warning".
</OT>
It's true that tmpnam() can cause problems, particularly on systems
where other programs may be executing. The advantage is that it's
part of the C standard; mkstemp may be safer, but it's non-standard.
<OT>
"man tmpnam" will give you more information.
</OT>
It sounds like this is code that someone else wrote. It's up to you
to decide whether you want to modify it, complain to the author, or
whatever.
--
Keith Thompson (The_Other_Keith) ks...@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Flash Gordon
> when i compile programs i download for linux, i get this warning and i can't
> finish the compile:
> warning: the use of `tmpnam' is dangerous, better use `mkstemp'
>
> is there away around this? or do i have to modify the source to use mkstemp?
That warning is not preventing the compilation. However, without the
code and the actual errors (if there are any) all anyone can say is that
you have at least two problems. One is that you can't compile the
program you want and the other is that you don't know enough to provide
the information required to help.
Based on your question and apparent level of knowledge I would suggest
looking for a prebuilt (binary) package for the software.
--
Flash Gordon
Living in interesting times.
Although my email address says spam, it is real and I read it.