Document security implications of std::env::temp_dir

Update the sample code to not create an insecure temporary file.
2021-01-20 11:24:47 -08:00 · 2021-01-20 11:24:47 -08:00 · 27f3764519
parent a4cbb44ae2
commit 27f3764519
1 changed files with 9 additions and 6 deletions
--- a/library/std/src/env.rs
+++ b/library/std/src/env.rs
@ -561,6 +561,13 @@ pub fn home_dir() -> Option<PathBuf> {

 /// Returns the path of a temporary directory.
 ///
+/// The temporary directory may be shared among users, or between processes
+/// with different privileges; thus, the creation of any files or directories
+/// in the temporary directory must use a secure method to create a uniquely
+/// named file. Creating a file or directory with a fixed or predictable name
+/// may result in "insecure temporary file" security vulnerabilities. Consider
+/// using a crate that securely creates temporary files or directories.
+///
 /// # Unix
 ///
 /// Returns the value of the `TMPDIR` environment variable if it is
@ -580,14 +587,10 @@ pub fn home_dir() -> Option<PathBuf> {
 ///
 /// ```no_run
 /// use std::env;
-/// use std::fs::File;
 ///
-/// fn main() -> std::io::Result<()> {
+/// fn main() {
 ///     let mut dir = env::temp_dir();
-///     dir.push("foo.txt");
-///
-///     let f = File::create(dir)?;
-///     Ok(())
+///     println!("Temporary directory: {}", dir.display());
 /// }
 /// ```
 #[stable(feature = "env", since = "1.0.0")]