1.\" Copyright (c) 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd July 29, 2019 29.Dt MKTEMP 3 30.Os 31.Sh NAME 32.Nm mktemp 33.Nd make temporary file name (unique) 34.Sh LIBRARY 35.Lb libc 36.Sh SYNOPSIS 37.In stdlib.h 38.Ft char * 39.Fn mktemp "char *template" 40.Ft int 41.Fn mkstemp "char *template" 42.Ft int 43.Fn mkostemp "char *template" "int oflags" 44.Ft int 45.Fn mkostemps "char *template" "int suffixlen" "int oflags" 46.Ft int 47.Fn mkostempsat "int dfd" "char *template" "int suffixlen" "int oflags" 48.Ft char * 49.Fn mkdtemp "char *template" 50.In unistd.h 51.Ft int 52.Fn mkstemps "char *template" "int suffixlen" 53.Sh DESCRIPTION 54The 55.Fn mktemp 56function 57takes the given file name template and overwrites a portion of it 58to create a file name. 59This file name is guaranteed not to exist at the time of function invocation 60and is suitable for use 61by the application. 62The template may be any file name with some number of 63.Ql X Ns s 64appended 65to it, for example 66.Pa /tmp/temp.XXXXXX . 67The trailing 68.Ql X Ns s 69are replaced with a 70unique alphanumeric combination. 71The number of unique file names 72.Fn mktemp 73can return depends on the number of 74.Ql X Ns s 75provided; six 76.Ql X Ns s 77will 78result in 79.Fn mktemp 80selecting one of 56800235584 (62 ** 6) possible temporary file names. 81.Pp 82The 83.Fn mkstemp 84function 85makes the same replacement to the template and creates the template file, 86mode 0600, returning a file descriptor opened for reading and writing. 87This avoids the race between testing for a file's existence and opening it 88for use. 89.Pp 90The 91.Fn mkostemp 92function 93is like 94.Fn mkstemp 95but allows specifying additional 96.Xr open 2 97flags (defined in 98.In fcntl.h ) . 99The permitted flags are 100.Dv O_APPEND , 101.Dv O_DIRECT , 102.Dv O_SHLOCK , 103.Dv O_EXLOCK , 104.Dv O_SYNC 105and 106.Dv O_CLOEXEC . 107.Pp 108The 109.Fn mkstemps 110and 111.Fn mkostemps 112functions act the same as 113.Fn mkstemp 114and 115.Fn mkostemp 116respectively, 117except they permit a suffix to exist in the template. 118The template should be of the form 119.Pa /tmp/tmpXXXXXXsuffix . 120The 121.Fn mkstemps 122and 123.Fn mkostemps 124function 125are told the length of the suffix string. 126.Pp 127The 128.Fn mkostempsat 129function acts the same as 130.Fn mkostemps 131but takes an additional directory descriptor as a parameter. 132The temporary file is created relative to the corresponding 133directory, or to the current working directory if the special 134value 135.Dv AT_FDCWD 136is specified. 137If the template path is an absolute path, the 138.Fa dfd 139parameter is ignored and the behavior is identical to 140.Fn mkostemps . 141.Pp 142The 143.Fn mkdtemp 144function makes the same replacement to the template as in 145.Fn mktemp 146and creates the template directory, mode 0700. 147.Sh RETURN VALUES 148The 149.Fn mktemp 150and 151.Fn mkdtemp 152functions return a pointer to the template on success and 153.Dv NULL 154on failure. 155The 156.Fn mkstemp , 157.Fn mkostemp 158.Fn mkstemps 159and 160.Fn mkostemps 161functions 162return \-1 if no suitable file could be created. 163If either call fails an error code is placed in the global variable 164.Va errno . 165.Sh ERRORS 166The 167.Fn mkstemp , 168.Fn mkostemp , 169.Fn mkstemps , 170.Fn mkostemps 171and 172.Fn mkdtemp 173functions 174may set 175.Va errno 176to one of the following values: 177.Bl -tag -width Er 178.It Bq Er ENOTDIR 179The pathname portion of the template is not an existing directory. 180.El 181.Pp 182The 183.Fn mkostemp 184and 185.Fn mkostemps 186functions 187may also set 188.Va errno 189to the following value: 190.Bl -tag -width Er 191.It Bq Er EINVAL 192The 193.Fa oflags 194argument is invalid. 195.El 196.Pp 197The 198.Fn mkstemp , 199.Fn mkostemp , 200.Fn mkstemps , 201.Fn mkostemps 202and 203.Fn mkdtemp 204functions 205may also set 206.Va errno 207to any value specified by the 208.Xr stat 2 209function. 210.Pp 211The 212.Fn mkstemp , 213.Fn mkostemp , 214.Fn mkstemps 215and 216.Fn mkostemps 217functions 218may also set 219.Va errno 220to any value specified by the 221.Xr open 2 222function. 223.Pp 224The 225.Fn mkdtemp 226function 227may also set 228.Va errno 229to any value specified by the 230.Xr mkdir 2 231function. 232.Sh NOTES 233A common problem that results in a core dump is that the programmer 234passes in a read-only string to 235.Fn mktemp , 236.Fn mkstemp , 237.Fn mkstemps 238or 239.Fn mkdtemp . 240This is common with programs that were developed before 241.St -isoC 242compilers were common. 243For example, calling 244.Fn mkstemp 245with an argument of 246.Qq /tmp/tempfile.XXXXXX 247will result in a core dump due to 248.Fn mkstemp 249attempting to modify the string constant that was given. 250.Pp 251The 252.Fn mkdtemp , 253.Fn mkstemp 254and 255.Fn mktemp 256function prototypes are also available from 257.In unistd.h . 258.Sh SEE ALSO 259.Xr chmod 2 , 260.Xr getpid 2 , 261.Xr mkdir 2 , 262.Xr open 2 , 263.Xr stat 2 264.Sh STANDARDS 265The 266.Fn mkstemp 267and 268.Fn mkdtemp 269functions are expected to conform to 270.St -p1003.1-2008 . 271The 272.Fn mktemp 273function is expected to conform to 274.St -p1003.1-2001 275and is not specified by 276.St -p1003.1-2008 . 277The 278.Fn mkostemp , 279.Fn mkstemps , 280.Fn mkostemps 281and 282.Fn mkostempsat 283functions do not conform to any standard. 284.Sh HISTORY 285A 286.Fn mktemp 287function appeared in 288.At v7 . 289The 290.Fn mkstemp 291function appeared in 292.Bx 4.4 . 293The 294.Fn mkdtemp 295function first appeared in 296.Ox 2.2 , 297and later in 298.Fx 3.2 . 299The 300.Fn mkstemps 301function first appeared in 302.Ox 2.4 , 303and later in 304.Fx 3.4 . 305The 306.Fn mkostemp 307and 308.Fn mkostemps 309functions appeared in 310.Fx 10.0 . 311The 312.Fn mkostempsat 313function appeared in 314.Fx 13.0 . 315.Sh BUGS 316This family of functions produces filenames which can be guessed, 317though the risk is minimized when large numbers of 318.Ql X Ns s 319are used to 320increase the number of possible temporary filenames. 321This makes the race in 322.Fn mktemp , 323between testing for a file's existence (in the 324.Fn mktemp 325function call) 326and opening it for use 327(later in the user application) 328particularly dangerous from a security perspective. 329Whenever it is possible, 330.Fn mkstemp , 331.Fn mkostemp 332or 333.Fn mkostempsat 334should be used instead, since they do not have the race condition. 335If 336.Fn mkstemp 337cannot be used, the filename created by 338.Fn mktemp 339should be created using the 340.Dv O_EXCL 341flag to 342.Xr open 2 343and the return status of the call should be tested for failure. 344This will ensure that the program does not continue blindly 345in the event that an attacker has already created the file 346with the intention of manipulating or reading its contents. 347