From: Alberto Barbati (abarbati_at_[hidden])
Date: 2003-01-02 19:36:32


Thomas Witt wrote:
>
> Hi Alberto,
>
> Alberto Barbati wrote:
>
>> Hi,
>>
>> first of all, I want to thank Beman Dawes and all others that
>> contributed with the design and development of the Filesystem library.
>> It's a wonderful piece of work.
>>
>> I just would like to propose a couple of additions that I believe are
>> very useful. Both features regard temporary files.
>>
>> First proposal: I propose to add a function with a signature of this
>> kind:
>>
>> path generate_path_for_temp_file();
>
>
> IIRC functions like this are considered a bad idea. They are subject to
> race conditions and a potential security problem.
>
> I agree with you, that the functionality would be really helpful. The
> usual solution to the race condition problem would be to have a function
> that returns a stream. See mkstemp on POSIX. Win32 has a similar facility.

Then what do you think about my second proposal? (the tempstream class
that was in the attachment.) The best thing to do would be to have that
one implemented as a "primitive" and not implementing
generate_path_for_temp_file() at all. However, that is not easily
achievable in a portable way, because the interface of
std::basic_fstream takes a pathname and not a stream id or FILE* :-(
Moreover, there's no way to specify that the file is to be opened
exclusively, so complete security will never be granted if we derive
from std::basic_fstream.

The weak link here is the std::basic_filebuf class; is there someone out
there who wants to write a (possibly portable) replacement of
basic_filebuf that overcomes these limitations? It seems an interesting
but huge task, to me.

By the way, the Win32 facility that you are talking about is
GetTempFileName()? That function creates the file but does not open it,
so it's different from mkstemp() that also opens the file exclusively.
So GetTempFileName() is only safe against non-malicious race conditions.

On the other hand, mkstemp() can easily be downgraded to
GetTempFileName() by just keeping the pathname and closing the file ;)

Alberto
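As an added example (not from this thread and not Boost code) of the mkstemp() approach Thomas mentions, in C on POSIX: the file is created and opened in one atomic step, and the checks show exactly what is lost once only the pathname is kept and the file is reopened later. The TMPDIR/`/tmp` fallback and the helper names are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Create and open a temporary file in one atomic step. On success the
 * FILE* is returned and the chosen path is copied into path_out. The
 * caller only learns the name after the file exists and is held open, so
 * there is no window in which someone else can create that name first. */
FILE *open_temp_file(char *path_out, size_t path_len) {
    const char *dir = getenv("TMPDIR");          /* assumption: fall back to /tmp */
    if (dir == NULL || *dir == '\0') dir = "/tmp";
    if (snprintf(path_out, path_len, "%s/tmpstream_XXXXXX", dir) >= (int)path_len)
        return NULL;
    int fd = mkstemp(path_out);      /* O_CREAT|O_EXCL|O_RDWR, mode 0600 */
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w+");     /* keep the exclusive handle, get a stream */
    if (fp == NULL) close(fd);
    return fp;
}

/* Two properties worth checking on the result: no group/other permission
 * bits, and a second exclusive create of the same name fails with EEXIST.
 * That second property is what "keep the pathname and reopen later" throws
 * away: a plain open(path) would succeed on whatever now sits there. */
int temp_file_is_exclusive(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || (st.st_mode & 077) != 0) return 0;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0) { close(fd); return 0; }        /* name was not exclusive */
    return errno == EEXIST;
}

/* Round trip: create, verify exclusivity, write, read back, clean up.
 * Returns 1 when every step behaves as expected. */
int temp_file_roundtrip(void) {
    char path[4096], buf[16] = {0};
    FILE *fp = open_temp_file(path, sizeof path);
    if (fp == NULL) return 0;
    int ok = temp_file_is_exclusive(path);
    ok = ok && fputs("hello", fp) >= 0 && fflush(fp) == 0;
    ok = ok && fseek(fp, 0, SEEK_SET) == 0 && fgets(buf, sizeof buf, fp) != NULL;
    ok = ok && strcmp(buf, "hello") == 0;
    fclose(fp);
    unlink(path);                     /* remove the name; the stream stayed valid */
    return ok;
}
```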


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk