openBinaryTempFile
Ben Franksen
ben.franksen at online.de
Sat Feb 21 10:39:30 UTC 2015
Phil Ruffwind wrote:
>> If openBinaryTempFile is used in this way a few times in a row, it
>> returns the same file name every time.
>
> A quick inspection of the [source code][1] reveals that it uses the
> process ID
> (PID) to generate the initial filename of the temporary file. If the file
> already exists, the number is incremented until a new file is created. So
> the current implementation does in fact have this predictable behavior.
>
> I don't *think* this is insecure (but don't quote me on that), since
> `O_EXCL` is used to create the file, but it may be somewhat inefficient if
> there are a many files being created by one process or if processes with
> similar IDs create temporary files with this method.
Thanks for digging it up. I don't think it is insecure, I guess our code
just makes a wrong assumption (somewhere) about the file name being unique
when it cleans up afterwards.
Cheers
Ben
--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies and the other
way is to make it so complicated that there are no obvious deficiencies.
The first method is far more difficult." ― C.A.R. Hoare
More information about the Libraries
mailing list