1.\" Copyright (c) 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd July 29, 2019 29.Dt MKTEMP 3 30.Os 31.Sh NAME 32.Nm mktemp 33.Nd make temporary file name (unique) 34.Sh LIBRARY 35.Lb libc 36.Sh SYNOPSIS 37.In stdlib.h 38.Ft char * 39.Fn mktemp "char *template" 40.Ft int 41.Fn mkstemp "char *template" 42.Ft int 43.Fn mkostemp "char *template" "int oflags" 44.Ft int 45.Fn mkostemps "char *template" "int suffixlen" "int oflags" 46.Ft int 47.Fn mkostempsat "int dfd" "char *template" "int suffixlen" "int oflags" 48.Ft char * 49.Fn mkdtemp "char *template" 50.In unistd.h 51.Ft int 52.Fn mkstemps "char *template" "int suffixlen" 53.Sh DESCRIPTION 54The 55.Fn mktemp 56function 57takes the given file name template and overwrites a portion of it 58to create a file name. 59This file name is guaranteed not to exist at the time of function invocation 60and is suitable for use 61by the application. 62The template may be any file name with some number of 63.Ql X Ns s 64appended 65to it, for example 66.Pa /tmp/temp.XXXXXXXXXX . 67The trailing 68.Ql X Ns s 69are replaced with a 70unique alphanumeric combination. 71The number of unique file names 72.Fn mktemp 73can return depends on the number of 74.Ql X Ns s 75provided; six 76.Ql X Ns s 77will 78result in 79.Fn mktemp 80selecting one of 56800235584 (62 ** 6) possible temporary file names. 81.Pp 82The 83.Fn mkstemp 84function 85makes the same replacement to the template and creates the template file, 86mode 0600, returning a file descriptor opened for reading and writing. 87This avoids the race between testing for a file's existence and opening it 88for use. 89.Pp 90The 91.Fn mkostemp 92function 93is like 94.Fn mkstemp 95but allows specifying additional 96.Xr open 2 97flags (defined in 98.In fcntl.h ) . 99The permitted flags are 100.Dv O_APPEND , 101.Dv O_DIRECT , 102.Dv O_SHLOCK , 103.Dv O_EXLOCK , 104.Dv O_SYNC 105and 106.Dv O_CLOEXEC . 107.Pp 108The 109.Fn mkstemps 110and 111.Fn mkostemps 112functions act the same as 113.Fn mkstemp 114and 115.Fn mkostemp 116respectively, 117except they permit a suffix to exist in the template. 118The template should be of the form 119.Pa /tmp/tmpXXXXXXXXXXsuffix . 120The 121.Fn mkstemps 122and 123.Fn mkostemps 124function 125are told the length of the suffix string. 126.Pp 127The 128.Fn mkostempsat 129function acts the same as 130.Fn mkostemps 131but takes an additional directory descriptor as a parameter. 132The temporary file is created relative to the corresponding 133directory, or to the current working directory if the special 134value 135.Dv AT_FDCWD 136is specified. 137If the template path is an absolute path, the 138.Fa dfd 139parameter is ignored and the behavior is identical to 140.Fn mkostemps . 141.Pp 142The 143.Fn mkdtemp 144function makes the same replacement to the template as in 145.Fn mktemp 146and creates the template directory, mode 0700. 147.Sh RETURN VALUES 148The 149.Fn mktemp 150and 151.Fn mkdtemp 152functions return a pointer to the template on success and 153.Dv NULL 154on failure. 155The 156.Fn mkstemp , 157.Fn mkostemp 158.Fn mkstemps 159and 160.Fn mkostemps 161functions 162return \-1 if no suitable file could be created. 163If either call fails an error code is placed in the global variable 164.Va errno . 165.Sh ERRORS 166The 167.Fn mkstemp , 168.Fn mkostemp , 169.Fn mkstemps , 170.Fn mkostemps 171and 172.Fn mkdtemp 173functions 174may set 175.Va errno 176to one of the following values: 177.Bl -tag -width Er 178.It Bq Er ENOTDIR 179The pathname portion of the template is not an existing directory. 180.El 181.Pp 182The 183.Fn mkostemp 184and 185.Fn mkostemps 186functions 187may also set 188.Va errno 189to the following value: 190.Bl -tag -width Er 191.It Bq Er EINVAL 192The 193.Fa oflags 194argument is invalid. 195.El 196.Pp 197The 198.Fn mkstemp , 199.Fn mkostemp , 200.Fn mkstemps , 201.Fn mkostemps 202and 203.Fn mkdtemp 204functions 205may also set 206.Va errno 207to any value specified by the 208.Xr stat 2 209function. 210.Pp 211The 212.Fn mkstemp , 213.Fn mkostemp , 214.Fn mkstemps 215and 216.Fn mkostemps 217functions 218may also set 219.Va errno 220to any value specified by the 221.Xr open 2 222function. 223.Pp 224The 225.Fn mkdtemp 226function 227may also set 228.Va errno 229to any value specified by the 230.Xr mkdir 2 231function. 232.Sh NOTES 233A common problem that results in a core dump is that the programmer 234passes in a read-only string to 235.Fn mktemp , 236.Fn mkstemp , 237.Fn mkstemps 238or 239.Fn mkdtemp . 240This is common with programs that were developed before 241.St -isoC 242compilers were common. 243For example, calling 244.Fn mkstemp 245with an argument of 246.Qq /tmp/tempfile.XXXXXXXXXX 247will result in a core dump due to 248.Fn mkstemp 249attempting to modify the string constant that was given. 250.Pp 251The 252.Fn mkdtemp , 253.Fn mkstemp 254and 255.Fn mktemp 256function prototypes are also available from 257.In unistd.h . 258.Sh SEE ALSO 259.Xr chmod 2 , 260.Xr getpid 2 , 261.Xr mkdir 2 , 262.Xr open 2 , 263.Xr stat 2 264.Sh STANDARDS 265The 266.Fn mkstemp 267and 268.Fn mkdtemp 269functions are expected to conform to 270.St -p1003.1-2008 . 271The 272.Fn mktemp 273function is expected to conform to 274.St -p1003.1-2001 275and is not specified by 276.St -p1003.1-2008 . 277The 278.Fn mkostemp 279function conforms to 280.St -p1003.1-2024 . 281The 282.Fn mkstemps , 283.Fn mkostemps 284and 285.Fn mkostempsat 286functions do not conform to any standard. 287.Sh HISTORY 288A 289.Fn mktemp 290function appeared in 291.At v7 . 292The 293.Fn mkstemp 294function appeared in 295.Bx 4.4 . 296The 297.Fn mkdtemp 298function first appeared in 299.Ox 2.2 , 300and later in 301.Fx 3.2 . 302The 303.Fn mkstemps 304function first appeared in 305.Ox 2.4 , 306and later in 307.Fx 3.4 . 308The 309.Fn mkostemp 310and 311.Fn mkostemps 312functions appeared in 313.Fx 10.0 . 314The 315.Fn mkostempsat 316function appeared in 317.Fx 13.0 . 318.Sh BUGS 319This family of functions produces filenames which can be guessed, 320though the risk is minimized when large numbers of 321.Ql X Ns s 322are used to 323increase the number of possible temporary filenames. 324This makes the race in 325.Fn mktemp , 326between testing for a file's existence (in the 327.Fn mktemp 328function call) 329and opening it for use 330(later in the user application) 331particularly dangerous from a security perspective. 332Whenever it is possible, 333.Fn mkstemp , 334.Fn mkostemp 335or 336.Fn mkostempsat 337should be used instead, since they do not have the race condition. 338If 339.Fn mkstemp 340cannot be used, the filename created by 341.Fn mktemp 342should be created using the 343.Dv O_EXCL 344flag to 345.Xr open 2 346and the return status of the call should be tested for failure. 347This will ensure that the program does not continue blindly 348in the event that an attacker has already created the file 349with the intention of manipulating or reading its contents. 350