At 1:41 PM -0500 12/29/06, Robert C. Seacord wrote:
> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
> - Kris Kennaway email at
> recommends them
> - David Wheeler's Secure Programming for Linux and Unix HOWTO at
> mentions it may not be a good idea if tmp cleaners are in use (but this
> sort of suggests maybe it is ok if they are not.)
> - HP 03 Tru64 UNIX Protecting Your System Against File Name Spoofing
> Attacks. January 2003. 
> - etc.
> The mkdtemp() function generates a uniquely-named temporary directory
> from template.  This function appears to work exactly like mktemp()
> works for files, except of course mktemp() has been widely discredited
> because of possible TOCTOU conditions and problems generating unique,
> unpredictable names.
> So my question is, why is mkdtemp() considered safe?  Isn't it also
> susceptible to race conditions?  Is there a reason why these race
> conditions are not at issue in this case?  Or is it only considered safe
> because there is no alternative?

Not on Unix, but I tend to use temporary names based on the Process ID
that is executing.  And of course file protection prevents malevolent

But for a temporary file, I will specify a file that is not in any
directory.  I presume there is such a capability in Unix.
Larry Kilgallen
Secure Coding mailing list (SC-L)
SC-L is hosted and moderated by KRvW Associates, LLC
as a free, non-commercial service to the software security community.
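
Added example, not part of the original thread: a C sketch for a POSIX system of the two points raised above. mkdtemp() creates its directory with mkdir(), which fails with EEXIST on a name that already exists instead of reusing it, and a file unlinked right after mkstemp() is "not in any directory". The `scl-demo-` prefix and the helper names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private directory under $TMPDIR (or /tmp). mkdtemp() creates it
 * with mkdir(), mode 0700, so an existing name is rejected, never reused. */
int make_private_dir(char *out, size_t len) {
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0') base = "/tmp";
    if ((size_t)snprintf(out, len, "%s/scl-demo-XXXXXX", base) >= len) return -1;
    return mkdtemp(out) != NULL ? 0 : -1;
}

/* Permission bits of path, or -1 if it is not a real directory (no symlink). */
int dir_mode(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return (int)(st.st_mode & 07777);
}

/* errno from mkdir() on a name that may already exist; 0 if it was created. */
int mkdir_errno(const char *path) { return mkdir(path, 0700) == 0 ? 0 : errno; }

/* Temporary file with no name: mkstemp() opens it with O_CREAT|O_EXCL inside
 * the private directory, then unlink() removes its only directory entry. */
int anon_file_in(const char *dir) {
    char path[4096];
    if ((size_t)snprintf(path, sizeof path, "%s/f-XXXXXX", dir) >= sizeof path) return -1;
    int fd = mkstemp(path);
    if (fd >= 0 && unlink(path) != 0) { close(fd); return -1; }
    return fd;
}

/* Number of directory entries still pointing at the open file. */
long link_count(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

int main(void) {
    char dir[4096];
    if (make_private_dir(dir, sizeof dir) != 0) return 1;
    int fd = anon_file_in(dir);
    printf("%s mode=%o links=%ld\n", dir, (unsigned)dir_mode(dir), link_count(fd));
    if (fd >= 0) close(fd);
    return rmdir(dir) == 0 ? 0 : 1;
}
```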
