
From: Vladimir Prus (ghost_at_[hidden])
Date: 2004-07-20 07:02:20


Jonathan Wakely wrote:

>> No, using mkstemp this way is no different than using tmpnam. Even if
>> the file is already open, there is no reason for it to still be linked
>> in the directory. So you may end up with a different file, and chaos
>> ensues.
>
> Isn't that a bit too general?

I think it is.

> If the file is in a directory that is only writeable to you then only
> the superuser can unlink it, and if you don't trust root you've got far
> bigger problems than this.

Right.

> If you can ensure the files are created in a directory that is not group-
> or world-writeable, or in a directory that has the sticky bit set, then
> isn't it (relatively) safe to use:
>
> char filename[] = "DIR/tmp.XXXXXX";
> const int fd = mkstemp(filename);
> if (fd == -1)
>     throw ...;
> std::fstream f(filename);
> ?
>
> It's certainly better than predictable names in predictable directories,
> right?

Actually, on Unix it is safe to just use

  char filename[] = "/tmp/tmp.XXXXXX";
  const int fd = mkstemp(filename);

because if /tmp does not exist, or does not have the sticky bit, the system is
in trouble already. And I'm not sure it's even possible to have "/" not
owned by root.

- Volodya
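
Added example, not part of the original message or of Boost: C code for the two checks this thread turns on, namely that the directory is not group- or world-writable or has the sticky bit set, and that a file reopened by name is still the one mkstemp() opened. The function names are hypothetical.

```c
/* Added example; dir_is_safe, make_temp_in and reopen_same_file are
   hypothetical names, not from the thread or from Boost. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if other users cannot unlink or replace our entries in dir:
   it is not group- or world-writable, or it has the sticky bit set. */
int dir_is_safe(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return !(st.st_mode & (S_IWGRP | S_IWOTH)) || (st.st_mode & S_ISVTX) != 0;
}

/* Creates DIR/tmp.XXXXXX with mkstemp() after checking the directory.
   On success path holds the generated name; returns the fd, or -1. */
int make_temp_in(const char *dir, char *path, size_t len)
{
    int n;
    if (!dir_is_safe(dir))
        return -1;
    n = snprintf(path, len, "%s/tmp.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return mkstemp(path);
}

/* Reopens path by name (what std::fstream f(filename) does) and confirms
   it is still the file behind fd by comparing device and inode numbers.
   Returns the second descriptor, or -1 if the name now refers elsewhere. */
int reopen_same_file(int fd, const char *path)
{
    struct stat a, b;
    int fd2 = open(path, O_RDWR | O_NOFOLLOW);
    if (fd2 == -1)
        return -1;
    if (fstat(fd, &a) != 0 || fstat(fd2, &b) != 0 ||
        a.st_dev != b.st_dev || a.st_ino != b.st_ino) {
        close(fd2);
        return -1;
    }
    return fd2;
}
```

Keep the descriptor from mkstemp() open until the comparison is done; while it is open the original inode cannot be reused, so a replaced file always shows a different inode number.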


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk