diff options
| author | Edward Thomson <ethomson@edwardthomson.com> | 2022-01-30 19:21:32 -0500 |
|---|---|---|
| committer | Edward Thomson <ethomson@edwardthomson.com> | 2022-01-30 19:21:32 -0500 |
| commit | 4517a48bccf68f16958ed86107f6a4a649925586 (patch) | |
| tree | e6f024fd1018c7816d2042ef4772d4fb4dd56a68 | |
| parent | 4ac5972811a711f9b26e34fd6b6d6df7f5407953 (diff) | |
| download | libgit2-4517a48bccf68f16958ed86107f6a4a649925586.tar.gz | |
futils: document mktmp's safety
| -rw-r--r-- | src/futils.h | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/futils.h b/src/futils.h index 1386dc482..782cf3271 100644 --- a/src/futils.h +++ b/src/futils.h @@ -173,8 +173,16 @@ typedef enum { extern int git_futils_rmdir_r(const char *path, const char *base, uint32_t flags); /** - * Create and open a temporary file with a `_git2_` suffix. - * Writes the filename into path_out. + * Create and open a temporary file with a `_git2_` suffix in a + * protected directory; the file created will created will honor + * the current `umask`. Writes the filename into path_out. + * + * This function is *NOT* suitable for use in temporary directories + * that are world writable. It uses `mktemp` (for portability) and + * many `mktemp` implementations use weak random characters. It + * should only be assumed to be suitable for atomically writing + * a new file in a directory that you control. + * * @return On success, an open file descriptor, else an error code < 0. */ extern int git_futils_mktmp(git_str *path_out, const char *filename, mode_t mode); |