POSIX 2008 says this:

| The mkstemp() function shall create the file, and obtain a file descriptor for
| it, as if by a call to:
|
| open(filename, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)

So the warning about permissions is probably obsolete by now.
The reference to glibc 2.0.6 looks obsolete as well. It was released in 1997, after all.
Thanks for the report, but man-pages tends to have a long memory. Some (few) people will care about this behavior. The POSIX info dates only from 2008. POSIX.1-2001 did not specify that detail. All of that said, the info about old glibc could be deemphasized a little, since it is so old now. So. I've moved it to notes, and added a note about POSIX.1-2008. See the patch below: --- a/man3/mkstemp.3 +++ b/man3/mkstemp.3 @@ -89,8 +89,6 @@ must not be a string constant, but should be declared as a character array. The file is created with permissions 0600, that is, read plus write for owner only. -(In glibc versions 2.06 and earlier, the file is created with permissions 0666, -that is, read and write for all users.) The returned file descriptor provides both read and write access to the file. The file is opened with the .BR open (2) @@ -187,9 +185,12 @@ and .BR mkostemps (): are glibc extensions. .SH NOTES -The old behavior of creating a file with mode 0666 may be +In glibc versions 2.06 and earlier, the file is created with permissions 0666, +that is, read and write for all users. +This old behavior may be a security risk, especially since other UNIX flavors use 0600, and somebody might overlook this detail when porting programs. +POSIX.1-2008 adds a requirement that the file be created with mode 0600. More generally, the POSIX specification of .BR mkstemp ()
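Review bot: DESCRIPTION in the first hunk (@@ -89,8 +89,6) now states permissions 0600 with no pointer to the caveat that this patch moves to NOTES. Someone porting code who reads only DESCRIPTION will not learn that older glibc behaved differently. Consider ending the sentence "read plus write for owner only." with a short cross-reference such as "(but see NOTES)".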
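Review bot: The added NOTES line in the second hunk (@@ -187,9 +185,12) carries over the version string "2.06", while the report in this thread refers to glibc 2.0.6. If 2.0.6 is the intended release, correct the string while the sentence is being moved. In the same added sentence, "is created" reads as current behavior next to "This old behavior"; "was created" would match.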
This looks good to me, thanks.
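The porting concern discussed in this thread (a libc whose mkstemp() creates the file with mode 0666), handled defensively in an added example that is not part of the original messages or of the man-pages project. The helper name `private_tmpfile`, the demo function and the `/tmp` template are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declare mkstemp() under strict -std modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: tmpl must be a writable array ending in "XXXXXX".
 * Returns an open descriptor or -1; *mode_out gets the mode actually used. */
int private_tmpfile(char *tmpl, mode_t *mode_out)
{
    struct stat st;
    /* umask is process-wide: with 077 even a libc that asks open() for 0666
     * ends up with 0600. Not safe if other threads create files meanwhile. */
    mode_t old_mask = umask(S_IRWXG | S_IRWXO);
    int fd = mkstemp(tmpl);

    umask(old_mask);
    if (fd == -1) return -1;
    /* Check the descriptor, not the path, so the check cannot be raced. */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    *mode_out = st.st_mode & 07777;
    return fd;
}

/* Calls the helper under a permissive umask; returns the file mode or -1. */
int demo_mode_under_umask_zero(void)
{
    char tmpl[] = "/tmp/mkstemp-demo-XXXXXX";   /* constructed sample path */
    mode_t mode = 0, saved = umask(0);
    int fd = private_tmpfile(tmpl, &mode);

    umask(saved);
    if (fd == -1) return -1;
    close(fd);
    unlink(tmpl);
    return (int)mode;
}

int main(void)
{
    int mode = demo_mode_under_umask_zero();
    if (mode >= 0) printf("temporary file created with mode %04o\n", (unsigned)mode);
    return mode < 0;
}
```
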