> Hello, > > what is wrong about using tmpnam + fopen ? > > See "Remarks" section in > https://msdn.microsoft.com/en-us/library/x8x7sakw.aspx > > It should solve the problem with placing the file in other path than > root directory. According to linux manpages, both tmpnam and fopen > should be C89 compatible. > https://msdn.microsoft.com/de-de/subscriptions/hs3e7355(v=vs.80).aspx > states it is ANSI compatible implementation available since Windows 95. > > David > Yes I should have clarified before, tmpnam() is a possible alternative, however it is generally recommended to avoid this function.
For example, see https://www.gnu.org/software/libc/manual/html_node/Temporary-Files.html Quote: ---- Warning: Between the time the pathname is constructed and the file is created another process might have created a file with the same name using tmpnam, leading to a possible security hole. The implementation generates names which can hardly be predicted, but when opening the file you should use the O_EXCL flag. Using tmpfile or mkstemp is a safe way to avoid this problem. ---- So I should have said that tmpfile() appears to be the only ANSI C89 method of using temporary files which is thread-safe and also does not contain the security vulnerability described above. The Linux man page for tmpnam() also includes this: ---- BUGS Never use this function. Use mkstemp(3) or tmpfile(3) instead. ----
