Getting a safe path for a temporary file
via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Sun Jan 18 03:21:51 PST 2015
On Sunday, 18 January 2015 at 00:51:37 UTC, Laeeth Isharc wrote:
> I don't follow why a collision attack is applicable in this
> case.
> Your stage 1 of generating unique names: how is this different
> from using a random uuid?
It's not different, and if you're still doing the O_EXCL open
afterwards, it's safe. I just assumed you were going to use the
generated filename without a further check. This is then unsafe,
no matter how the UUID is generated, and depending on the RNG
that's been used, they can be quite predictable. Granted, the
risk is low, but still...
More information about the Digitalmars-d-learn
mailing list