warnings on compile

Andrew Tridgell tridge at linuxcare.com
Sun Dec 17 22:11:38 GMT 2000

We continue to use mktemp() because the alternatives are worse.

If we switched to using something based on mkstemp() then we would
actually open up a security hole! That is because some platforms open
the file in mkstemp() with permissions of 0666, which allows an
attacker to modify the file contents. That's why recent Linux man
pages recommend NOT using mkstemp() and instead using tmpfile().

So now of couse people will ask why we don't use tmpfile(). We don't
because it is fundamentally broken as it uses a FILE* pointer. On some
major platforms FILE* is limited to 8 bit file descriptors which means
tmpfile() would fail when Samba has more than 255 files open. Not

Despite the stupid compiler warnings mktemp() (when used properly) is
the most secure option available. When something better comes along we
can consider using it, but meanwhile just put up with the stupid
compiler warnings.

Cheers, Tridge

More information about the samba-technical mailing list