Hi, Le mer. 27 janv. 2021 à 22:28, Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> a écrit : > > Salut Bastien, > > On 1/27/21 4:48 PM, roucaries.bast...@gmail.com wrote: > > From: Bastien Roucariès <ro...@debian.org> > > > > Do not use for documentation purposes the unsecure mktemp function > > This message doesn't correspond to the change below (which removes > a reference to "tempnam" and adds a reference to "mktemp".
ok > > But also, I don't think it makes systems more secure to > remove the info that tempnam is influence by TMPDIR. Yes but not documenting obsolete due to insecurity is better from a user point of view experience. I believe that manpage of insecure function should not be cited for documentation purposes (I am a uni teacher and experiment every days the bad example uses in teaching) > And, this patch is surely not correct. Yes, TMPDIR influences > tmpfile(3). But how does TMPDIR influence mktemp(3), mkstemp(3), > and mkdtemp(3), which base the temporary filename on a path > supplied by the caller? I am sorry mkstemp does not need a file path, it need a template. Path is not supplied by the caller. The mkstemp manpage may be improved. Do you want a patch for it ? File name are implementation dependend and path is $TMPDIR > > Finally, a request for patches: the format of the > subject line should rather be: > > [PATCH ...] environ.7: Do not document... Ok will do Will redo this patch > > Thanks, > > Michael > > > Signed-off-by: Bastien Roucariès <ro...@debian.org> > > --- > > man7/environ.7 | 6 +++++- > > 1 file changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/man7/environ.7 b/man7/environ.7 > > index 182d823d2..d889310d6 100644 > > --- a/man7/environ.7 > > +++ b/man7/environ.7 > > @@ -191,7 +191,10 @@ and > > .IP * > > .B TMPDIR > > influences the path prefix of names created by > > -.BR tempnam (3) > > +.BR mktemp (1), > > +.BR mkstemp (3), > > +.BR mkdtemp (3), > > +.BR tmpfile (3), > > and other routines, and the temporary directory used by > > .BR sort (1) > > and other programs. > > @@ -289,6 +292,7 @@ should consider renaming their option to > > .BR csh (1), > > .BR env (1), > > .BR login (1), > > +.BR mktemp (1), > > .BR printenv (1), > > .BR sh (1), > > .BR tcsh (1), > > > > > -- > Michael Kerrisk > Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ > Linux/UNIX System Programming Training: http://man7.org/training/
