Actually, there is an easy solution with fopen()

Posted Sep 20, 2007 18:45 UTC (Thu) by vmole (guest, #111)
In reply to: Actually, there is an easy solution with fopen() by hummassa
Parent article: Exploiting symlinks and tmpfiles

...except for the fact that it WILL clobber an empty file

So, in other words, it doesn't do what the function name claims. Not to mention no error checking on the fopen() call. Yeah, I know, it's just psuedo-code in a comment. But since the whole article is about correct code without security holes, I'm being a dick about it.

Anyway, it pointless to try to do this within the C standard. If you don't have POSIX calls (open(), fdopen()), then you don't have POSIX file system semantics, so you've got no guarantees anyway. For temporary files, use tmpfile(). If your OS/library doesn't have tmpfile() (which means it's not even C89), implement it using whatever OS specific tools are necessary. For non-temporary but unique files, the most general technique looks to be mkstemp() and rename(), but I'd guess plain old open()/fdopen() is just as well supported.