On Thu, Sep 22, 2016 at 11:09:03PM +0900, Olaf Meeuwissen wrote: > > To what mktemp() should be replaced? Will there be sanei function to > > drop-in replace it? > > The mktemp(3) manual page suggests mkstemp (POSIX.1-2001, not in C99). > That is used by the bh and pieusb backends. You can also use tmpfile > (POSIX.1-2001, POSI.1-2008 and in C99), which is what I used in my patch > for the avision backend (not pushed yet).
I feared that mkstemp and tmpfile are not available on all platforms supported by sane-backends. > I wasn't thinking of providing a sanei function for this. I think, if many libc authors wasn't able to design and implement good enough mktemp() from the first attempt, how is average sane contributor could be expected to do better? Just saying 'do not use mktemp' can produce even worse results (see below). > Note that mktemp() only creates a file*name* so the O_EXCL is not an > issue then and calling fopen() or open() isn't subject to this flag > unless passed explicitly. Child processes inherit non-exclusive open > file descriptors. Main security problem with mktemp is chance of opening precreated file, which impact could be mitigated with open() with O_EXCL flag. (Or fopen() with "x" flag, but I don't know how portable it's again.) In that regard, mktemp() can not be worse than opening static filename, like pieusb_specific.c, avision.c, canon630u-common.c, pnm.c, xerox_mfp.c are currently doing. -abc -- sane-devel mailing list: [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/sane-devel Unsubscribe: Send mail with subject "unsubscribe your_password" to [email protected]
