HPE Community
Operating System - HP-UX
1849222 Members
7176 Online
104041 Solutions
New Discussion

Unique filename on HP-UX 11iv2

 
SOLVED
Go to solution
Wilbert Kroon
New Member

‎11-10-2009 11:18 PM

‎11-10-2009 11:18 PM

Unique filename on HP-UX 11iv2

We have just ported our application from Tru64 to HP-UX 11iv2. We run into a problem where function mktemp does NOT always create a unique filename. Is there a standard solution to this?

Thanks
Wilbert
0 Kudos
3 REPLIES 3
VK2COT
Honored Contributor

‎11-11-2009 02:41 AM

‎11-11-2009 02:41 AM

Solution

Re: Unique filename on HP-UX 11iv2

Hello,

I do not have an HP-UX 11.23 server in front of me, but did you try:

tmpfile(3S), tmpnam(3S)

tmpnam(): AES, SVID2, SVID3, XPG2, XPG3,
XPG4, FIPS 151-2, POSIX.1, ANSI C

tempnam(): AES, SVID2, SVID3, XPG2, XPG3,
XPG4

tmpnam() and tempnam() generate a different
file name each time they are called, but
start recycling previously used names if
called more than TMP_MAX times in a single
process!

tmpfile() conforms to:

AES, SVID2, SVID3, XPG2, XPG3, XPG4,
FIPS 151-2, POSIX.1, ANSI C

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Matti_Kurkela
Honored Contributor

‎11-11-2009 03:04 AM

‎11-11-2009 03:04 AM

Re: Unique filename on HP-UX 11iv2

Was your filename template parameter valid?

If mktemp() returns an empty string, it indicates that it was impossible to create an unique filename using the pattern given. Your application should check for this and do an appropriate recovery action if a zero-length string was returned. In a non-interactive program, this usually means aborting with an error message. In an interactive program, you might have the option of requesting the user to specify another directory or something.

Did you read the man page of the mktemp() function? (with command "man 3 mktemp")

http://docs.hp.com/en/B2355-60127/mktemp.3C.html

Right after the SYNOPSIS, it says:

----
Remarks:
These functions are provided solely for backward compatibility and importability of applications, and are not recommended for new applications where portability is important. For portable applications, use tmpfile() instead (see tmpfile(3S)).
----

Other sources make a stronger statement, for example a Linux man page for mktemp(3):
----
BUGS
Never use mktemp(). Some implementations follow 4.3BSD and replace XXXXXX by the current process ID and a single letter, so that at most 26 different names can be returned. Since on the one hand the names are easy to guess, and on the other hand there is a race between testing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3).
----

The man page of HP-UX mktemp() indicates the HP-UX mktemp() implementation does just that and is therefore vulnerable.

Consider replacing the fundamentally insecure mktemp() function call with mkstemp() or tmpfile(), if it does not require too much application modifications.

MK
MK
0 Kudos
Wilbert Kroon
New Member

‎11-13-2009 03:06 AM

‎11-13-2009 03:06 AM

Re: Unique filename on HP-UX 11iv2

Thanks for the great feedback, with these suggestions we can indeed solve our problem
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.