From: Miro Jurisic (macdev_at_[hidden])
Date: 2004-07-21 02:17:20
In article <200407211031.10815.ghost_at_[hidden]>,
Vladimir Prus <ghost_at_[hidden]> wrote:
[On creating a new directory for temp files to avoid security problems with temp
file race conditions.]
> I'm still at loss. Could you give some specific situations between
> "completely succeed" and "completely fail". Also, how does it affect
> temporary files? The only case which seems to be problematic is when 'mkdir'
> returns success but does not set the right permissions. Is it ever possible?
> My reading of the docs suggests otherwise.
For example, my understanding is that there are filesystems (e.g. NFS) in which
it is possible for mkdir to return an error even though the directory was
created, for example. That fails the "completely succeeds or completely fails"
definition of atomic I am applying here. However, it is possible that my
knowledge is out of date on this, and it's likely this particular failure is not
relevant to temp file creation.
I strongly believe that boost::filesystem should do the right thing as far as
temp files are concerned, so this question boils down to whether mkdir is the
right thing or not. I have not been able to find an authoritative reference
either way. However,
gives a recommended procedure for creating secure temporary files and it does
not involve mkdir.
(Another difficulty with using mkdir for temp files is that it potentially
leaves you with a directory if you "forget" to delete it because of a poorly
handled exception or a crash; an unlinked file has no such danger.)
-- If this message helped you, consider buying an item from my wish list: <http://web.meeroh.org/wishlist>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk