
From: Jonathan Wakely (cow_at_[hidden])
Date: 2004-07-20 04:15:31


On Tue, Jul 20, 2004 at 08:34:05AM +0200, Guillaume Melquiond wrote:

> > Maybe, you should take a look at the code I've posted... you don't need to
> > create fstream from file descriptor. You can open the file using the name
> > mkstemp returns via the in/out parameter.
>
> No, using mkstemp this way is no different than using tmpnam. Even if
> the file is already open, there is no reason for it to still be linked
> in the directory. So you may end up with a different file, and chaos
> ensues.

Isn't that a bit too general?

If the file is in a directory that is only writeable to you then only
the superuser can unlink it, and if you don't trust root you've got far
bigger problems than this.

If you can ensure the files are created in a directory that is not group-
or world-writeable, or in a directory that has the sticky bit set, then
isn't it (relatively) safe to use:

  char filename[] = "DIR/tmp.XXXXXX";
  const int fd = mkstemp(filename);
  if (fd == -1)
      throw ...;
  std::fstream f(filename);
?

It's certainly better than predictable names in predictable directories,
right?

jon

-- 
"That which needs to be proved cannot be worth much."
	- Nietzsche
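
An added example, not part of the original post or of Boost: the precondition discussed above (a directory that is not group- or world-writable, or that has the sticky bit set) checked in code before the mkstemp-then-reopen-by-name pattern is used, plus a device/inode comparison between the name and the descriptor. The function names are hypothetical, and the sketch assumes POSIX and does not inspect the parent directories of `dir`.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <fstream>
#include <string>

// True if other users cannot unlink or rename our entries in `dir`: it is owned
// by us or root, and is either not group/world-writable or has the sticky bit.
bool dir_resists_unlink(const std::string& dir) {
    struct stat st;
    if (stat(dir.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) return false;
    if (st.st_uid != geteuid() && st.st_uid != 0) return false;
    const bool others_can_write = (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
    const bool sticky = (st.st_mode & S_ISVTX) != 0;
    return !others_can_write || sticky;
}

// True if `path` still names the regular file that `fd` refers to. This only
// detects a swap that has already happened; the directory check above is what
// stops other users from making one.
bool name_matches_fd(const std::string& path, int fd) {
    struct stat by_name, by_fd;
    if (lstat(path.c_str(), &by_name) != 0 || fstat(fd, &by_fd) != 0) return false;
    return S_ISREG(by_name.st_mode) && by_name.st_dev == by_fd.st_dev &&
           by_name.st_ino == by_fd.st_ino;
}

// Creates dir/tmp.XXXXXX with mkstemp and reopens it by name, as in the post,
// but refuses unless both checks pass. On success `path` holds the file name.
bool open_temp_stream(const std::string& dir, std::fstream& f, std::string& path) {
    if (!dir_resists_unlink(dir)) return false;
    std::string tmpl = dir + "/tmp.XXXXXX";
    const int fd = mkstemp(&tmpl[0]);      // fills in the XXXXXX in place
    if (fd == -1) return false;
    f.open(tmpl.c_str());
    const bool ok = f.is_open() && name_matches_fd(tmpl, fd);
    close(fd);                             // held open until now so the inode cannot be reused
    if (!ok) { f.close(); return false; }
    path = tmpl;
    return true;
}
```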
