This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: [PATCH] Warn when using mktemp

From: "Howland Craig D (Craig)" <howland at LGSInnovations dot com>
To: <newlib at sourceware dot org>
Date: Fri, 13 Mar 2009 14:54:44 -0400
Subject: RE: [PATCH] Warn when using mktemp
References: <20090313175308.GC9322@calimero.vinschen.de> <49BAA76F.3010400@codesourcery.com>

1)  Looks like the patch has an unintended newline in the middle of the
warning message.
2)  Brooks makes a good point about the manual needing an accompanying
addition, should the compile warning be added.  (The explanation in the
RHEL3
man page from GLIB is lacking, making no sense.  The one that Brooks
cites
explains the potential issue much better.)

Not related to the patch, itself, but I noticed when checking on it:
1)  Why is mktemp.c in the stdio directory when it is a stdlib.h
function?
2)  Why is _mktemp_r in stdio.h rather than in stdlib.h?
				Craig

-----Original Message-----
From: newlib-owner@sourceware.org [mailto:newlib-owner@sourceware.org]
On Behalf Of Brooks Moses
Sent: Friday, March 13, 2009 2:35 PM
To: newlib@sourceware.org
Subject: Re: [PATCH] Warn when using mktemp

Corinna Vinschen wrote, at 3/13/2009 10:53 AM:
> the below patch just adds a compile time warning when an application
> is about to use the mktemp function, which is considered dangerous
> (to quote from the Linux man page: "Never use mktemp()" :))
[...]
> -char *  _EXFUN(mktemp,(char *));
> +char *  _EXFUN(mktemp,(char *)) _ATTRIBUTE ((warning ("the use of
`mktemp' is da
> +ngerous, better use `mkstemp'")));
>  #endif

I don't mean to be disagreeable, but it's not clear to me why it's
meaningfully dangerous in many cases where Newlib would be used.  In any
case, the mktemp documentation should be updated to clearly explain why
it's dangerous, so as not to leave users confused.  Doing a Google
search on "mktemp mkstemp dangerous" mostly finds mailing-list threads
of people who are annoyed by the warning.

(Apple's Darwin manpage seems to have a good explanation, FWIW:
http://developer.apple.com/DOCUMENTATION/Darwin/Reference/ManPages/man3/
mktemp.3.html)

Pedantically, also, that error message should use a semicolon rather
than a comma, and I think "use `mkstemp' instead" is a bit less
colloquial as a phrasing than "better use `mkstemp'".

- Brooks

Follow-Ups:
- Re: [PATCH] Warn when using mktemp
  - From: Corinna Vinschen

References:
- [PATCH] Warn when using mktemp
  - From: Corinna Vinschen
- Re: [PATCH] Warn when using mktemp
  - From: Brooks Moses

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]