| MKTEMP(3) | Library Functions Manual | MKTEMP(3) | 
mktemp, mkstemp,
  mkstemps, mkostemp,
  mkostemps, mkdtemp —
#include <stdlib.h>
char *
  
  mktemp(char
    *template);
int
  
  mkstemp(char
    *template);
int
  
  mkostemp(char
    *template, int
    oflags);
int
  
  mkostemps(char
    *template, int
    suffixlen, int
    oflags);
char *
  
  mkdtemp(char
    *template);
#include
    <unistd.h>
int
  
  mkstemps(char
    *template, int
    suffixlen);
mktemp() function takes the given file name template
  and overwrites a portion of it to create a file name. This file name is unique
  and suitable for use by the application. The template may be any file name
  with some number of ‘X’s appended to it,
  for example /tmp/temp.XXXXXX. The trailing
  ‘X’s are replaced with the current
  process number and/or a unique letter combination. The number of unique file
  names mktemp() can return depends on the number of
  ‘X’s provided. Although the
  NetBSD implementation of the functions will accept any
  number of trailing ‘X’s, for portability
  reasons one should use only six. Using six
  ‘X’s will result in
  mktemp() testing roughly 26 ** 6 (308915776)
  combinations.
The mkstemp() function makes the same
    replacement to the template and creates the template file, mode 0600,
    returning a file descriptor opened for reading and writing. This avoids the
    race between testing for a file's existence and opening it for use. The
    mkostemp() function is like
    mkstemp() but allows specifying additional
    open(2) flags (defined in
    <fcntl.h>). The permitted
    flags are O_APPEND,
    O_DIRECT, O_SHLOCK,
    O_EXLOCK, O_SYNC and
    O_CLOEXEC.
The mkstemps() and
    mkostemps() functions act the same as
    mkstemp() and mkostemp()
    respectively, except they permit a suffix to exist in the template. The
    template should be of the form /tmp/tmpXXXXXXsuffix.
    The mkstemps() and
    mkostemps() function are told the length of the
    suffix string.
The mkdtemp() function is similar to
    mkstemp(), but it creates a mode 0700 directory
    instead and returns the path.
Please note that the permissions of the file or directory being created are subject to the restrictions imposed by the umask(2) system call. It may thus happen that the created file is unreadable and/or unwritable.
mktemp() and mkdtemp()
  functions return a pointer to the template on success and
  NULL on failure. The
  mkstemp(), mkostemp(),
  mkstemps() and mkostemps()
  functions returns -1 if no suitable file could be created. If either call
  fails an error code is placed in the global variable
  errno.
mktemp() with mkstemp(),
  usually to avoid the problems described above. Doing this correctly requires a
  good understanding of the code in question.
For instance, code of this form:
char sfn[15] = "";
FILE *sfp;
strlcpy(sfn, "/tmp/ed.XXXXXX", sizeof sfn);
if (mktemp(sfn) == NULL || (sfp = fopen(sfn, "w+")) == NULL) {
        fprintf(stderr, "%s: %s\n", sfn, strerror(errno));
        return (NULL);
}
return (sfp);
should be rewritten like this:
char sfn[15] = "";
FILE *sfp;
int fd = -1;
strlcpy(sfn, "/tmp/ed.XXXXXX", sizeof sfn);
if ((fd = mkstemp(sfn)) == -1 ||
    (sfp = fdopen(fd, "w+")) == NULL) {
        if (fd != -1) {
                unlink(sfn);
                close(fd);
        }
        fprintf(stderr, "%s: %s\n", sfn, strerror(errno));
        return (NULL);
}
return (sfp);
Often one will find code which uses
    mktemp() very early on, perhaps to globally
    initialize the template nicely, but the code which calls
    open(2) or
    fopen(3) on that filename will
    occur much later. (In almost all cases, the use of
    fopen(3) will mean that the
    flags O_CREAT | O_EXCL are
    not given to open(2), and thus a
    symbolic link race becomes possible, hence making necessary the use of
    fdopen(3) as seen above).
    Furthermore, one must be careful about code which opens, closes, and then
    re-opens the file in question. Finally, one must ensure that upon error the
    temporary file is removed correctly.
There are also cases where modifying the code to use
    mktemp(), in concert with
    open(2) using the flags
    O_CREAT | O_EXCL, is better,
    as long as the code retries a new template if
    open(2) fails with an
    errno of EEXIST.
mkstemp(), mkostemp(),
  mkstemps(), mkostemps() and
  mkdtemp() functions may set
  errno to one of the following values:
ENOTDIR]The mktemp(),
    mkstemp() and mkdtemp()
    functions may also set errno to any value specified by
    the stat(2) function.
The mkstemp() function may also set
    errno to any value specified by the
    open(2) function.
The mkdtemp() function may also set
    errno to any value specified by the
    mkdir(2) function.
mktemp() conforms to IEEE Std
  1003.1-2001 (“POSIX.1”). It was however removed from the
  specification in the IEEE Std 1003.1-2008
  (“POSIX.1”) revision. The
  mkstemp() and mkdtemp()
  functions conform to IEEE Std 1003.1-2004
  (“POSIX.1”) and IEEE Std 1003.1-2008
  (“POSIX.1”), respectively.
mktemp() function appeared in
  Version 7 AT&T UNIX.
The mkstemp() function appeared in
    4.4BSD.
The mkdtemp() function appeared in
    NetBSD 1.4. The mkstemps()
    function first appeared in OpenBSD 2.4, and later in
    FreeBSD 3.4 and NetBSD 7.0.
    The mkostemp() and
    mkostemps() functions appeared in
    FreeBSD 10.0 and NetBSD
  7.0.
mktemp() there is an obvious race between file name
  selection and file creation and deletion: the program is typically written to
  call tmpnam(3),
  tempnam(3), or
  mktemp(). Subsequently, the program calls
  open(2) or
  fopen(3) and erroneously opens a
  file (or symbolic link, fifo or other device) that the attacker has created in
  the expected file location. Hence mkstemp() is
  recommended, since it atomically creates the file. An attacker can guess the
  filenames produced by mktemp(). Whenever it is
  possible, mkstemp() or
  mkdtemp() should be used instead.
For this reason, ld(1)
    will output a warning message whenever it links code that uses
    mktemp().
The mkdtemp() function is nonstandard and
    should not be used if portability is required.
mktemp() should generally be avoided, as a
  hostile process can exploit a race condition in the time between the
  generation of a temporary filename by mktemp() and the
  invoker's use of the temporary name. A link-time warning will be issued
  advising the use of mkstemp() or
  mkdtemp() instead.
| June 18, 2014 | NetBSD 9.4 |