Jump to content
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
HP.com home

Transition Impacts

Tru64 UNIX Software Transition Kit
» 

DSPP Home

» HP STK home
Tru64 UNIX STK
» Home
» Overview
» Tools
» Documentation
» Transition impacts
» Identifier types
» Impact list
» Porting to HP-UX
» FAQ
» Glossary
» Help
» Send us feedback
Site maps
» Tru64 UNIX STK
» DSPP
Content starts here

critical impact:

mktemp - temp file security vulnerabilities (CrCh154)

CMD Impacts

Problem description

Some Tru64 UNIX mktemp functionality does not exist on HP-UX.

The mktemp utility makes a name that is suitable for use as the pathname of a temporary file, and writes that name to the standard output.

The Tru64 UNIX version of mktemp addresses the temp file security vulnerabilities that are inherent on HP-UX.

The syntax of the mktemp utility on Tru64 UNIX is:

mktemp [-dqt] [-p prefix_directory] [template]

The current syntax of the mktemp utility on HP-UX is:

mktemp [-c] [-d directory_name] [-p prefix] 

You can use the following options with the mktemp utility on Tru64 UNIX. These options are not available with the HP-UX version of the mktemp utility.

  • The -q option that fails silently if an error occurs.
  • The -t option that creates a directory or file whose path prefix is as follows (in highest to lowest order of precedence):
    • The value of the TMPDIR environment variable
    • The argument to the -p option
    • /tmp

Identifiers

UNIX Commandsmktemp          

See also

Solution description

Review your code and the applicable manpages to determine how to resolve this issue.

If you are developing applications sensitive to security issues as noted here, consider using open source implementations of mktemp that address the temp file security vulnerabilities.

See also


Problem summary

classifications source types OS release severity type
CMD Script any HP-UX 11i version critical changed
Printable version
Privacy statement Using this site means you accept its terms Feedback to DSPP
© 2007 Hewlett-Packard Development Company, L.P.