From 7d1115e0c792f79c9eb728bf9027053a5868ff23 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 8 Aug 2017 09:49:40 -0700 Subject: [PATCH] Document make-temp-name magic limitations * doc/lispref/files.texi (Unique File Names): * src/fileio.c (Fmake_temp_name): Document that make-temp-name does not guarantee uniqueness on magic file names. --- doc/lispref/files.texi | 9 +++++---- src/fileio.c | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/doc/lispref/files.texi b/doc/lispref/files.texi index 2b692dbf680..d3f40a7c0c0 100644 --- a/doc/lispref/files.texi +++ b/doc/lispref/files.texi @@ -2547,13 +2547,14 @@ should compute the directory like this: @end defopt @defun make-temp-name base-name -This function generates a string that can be used as a unique file +This function generates a string that might be a unique file name. The name starts with @var{base-name}, and has several random characters appended to it, which are different in each Emacs job. It is like @code{make-temp-file} except that (i) it just constructs a -name, and does not create a file, and (ii) @var{base-name} should be -an absolute file name (on MS-DOS, this function can truncate -@var{base-name} to fit into the 8+3 file-name limits). +name and does not create a file, (ii) @var{base-name} should be an +absolute file name that is not magic, and (iii) if the returned file +name is magic, it might name an existing file. @xref{Magic File +Names}. @strong{Warning:} In most cases, you should not use this function; use @code{make-temp-file} instead! This function is susceptible to a race diff --git a/src/fileio.c b/src/fileio.c index db760d9b22d..15845e39144 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -757,7 +757,8 @@ danger of generating a name being used by another Emacs process \(so long as only a single host can access the containing directory...). This function tries to choose a name that has no existing file. -For this to work, PREFIX should be an absolute file name. +For this to work, PREFIX should be an absolute file name, and PREFIX +and the returned string should both be non-magic. There is a race condition between calling `make-temp-name' and creating the file, which opens all kinds of security holes. For that reason, you should -- 2.39.5