Getting a safe path for a temporary file
Cym13
cpicard at openmailbox.org
Thu Oct 26 01:49:55 UTC 2017
On Sunday, 18 January 2015 at 16:00:32 UTC, Kagamin wrote:
> On Sunday, 18 January 2015 at 11:21:52 UTC, Marc Schütz wrote:
>> It's not different, and if you're still doing the O_EXCL open
>> afterwards, it's safe. I just assumed you were going to use
>> the generated filename without a further check. This is then
>> unsafe, no matter how the UUID is generated, and depending on
>> the RNG that's been used, they can be quite predictable.
>> Granted, the risk is low, but still...
>
> tmpfile is more predictable: it generates sequential file names.
Being predictable is only an issue if the file is wrongly used
(ie: no check that it might already exist, or be a symlink or
check at the wrong time leaving an exploitable time frame etc).
Sequential file names are a good way to provide uniqueness over a
single system after all.
More information about the Digitalmars-d-learn
mailing list