-
2011.01.10 16:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
-
2011.01.10 18:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
-
2011.01.10 20:35 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
- 2011.01.10 20:37 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
- 2011.01.10 20:54 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Bob Friesenhahn
-
2011.01.10 20:35 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
-
2011.01.10 18:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
2011.01.11 15:41 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
On 1/10/2011 7:01 PM, Igor Skochinsky wrote:
On Windows, one can use tmpfile_s().
Do NOT use tmpfile() ('secure' or not). Due to the DOS legacy, it tries to create the file in the root directory of the current drive, which fails for C:\ under non-admin user on Vista and later. Use instead tmpnam() followed by fopen() with mode "w+bTD" (write, binary, temporary, delete on close).
Good point. However, doesn't using tmpnam() will re-introduce the
possibility of a TOCTOU attack? It took me a while to find the current
CERT recommendation on this [1]. The sad state of affairs as I read it
seems that there is no 100% secure way to create temporary files on
Windows!?
-Edward
1. https://www.securecoding.cert.org/confluence/display/seccode/FIO43-C.+Do+not+create+temporary+files+in+shared+directories