[fpc-pascal] GetTempFileName in Linux

Giuliano Colla giuliano.colla at gmail.com
Wed Oct 6 18:00:36 CEST 2010


Michael Van Canneyt wrote:
> 
> 
> On Wed, 6 Oct 2010, Jonas Maebe wrote:
> 
>>
>> On 06 Oct 2010, at 11:05, Michael Van Canneyt wrote:
>>
>>> On Wed, 6 Oct 2010, Jonas Maebe wrote:
>>>
>>>> On 06 Oct 2010, at 09:41, Michael Van Canneyt wrote:
>>>>
>>>>> This is always true on Unix, the only way to make sure is to have 
>>>>> the kernel
>>>>> create the temporary name and file for you. Unix - to my knowledge 
>>>>> - does not have a way to create and lock a file in one atomic 
>>>>> operation; There are
>>>>> always 2 operations involved, and so anything can happen between the 2
>>>>> calls.
>>>>
>>>> You can at least open a file with O_CREAT|O_EXCL|O_NOFOLLOW to make 
>>>> sure that it does not yet exist at the point that you create it (and 
>>>> that it's not a symlink either).
>>>
>>> This is correct, but doesn't lock the file,
>>
>> Locking is always advisory on Unix, so that doesn't matter anyway.
>>
>>> and so it doesn't prevent
>>> someone from 'stealing' the file before the lock is applied.
>>
>> Nobody else can steal the file once you have created it, because they 
>> won't be the owner nor have the necessary permissions. That is the 
>> main security risk and it is solved by this approach. The fact that 
>> another process running under your login not using O_EXCL could 
>> overwrite it is not an extra security risk (if you have a rogue 
>> process running under your login, nothing that you do is safe because 
>> it can use ptrace to modify any process in any way it sees fit anyway).
> 
> And that is why I think the whole point is hugely exaggerated :-)
> 
> But it doesn't mean we shouldn't do our best to make it minimally safe.
> 
> Michael.

To avoid reinventing the wheel, POSIX provides:

int mkstemp(char *template);

( http://linux.die.net/man/3/mkstemp )

which does exactly what is required, i.e. it creates a unique name and
opens the file for write with the O_EXCL flag, and permissions 0600
(starting from glibc 2.0.7; before that it was 0666), ensuring the
uniqueness on success.

If a libc dependency is not desirable, the same functionality can be
reimplemented in fpc, using the libc implementation as a guideline to
maintain consistency in a Unix environment.

Giuliano


-- 
Giuliano Colla

Whenever people agree with me, I always feel I must be wrong (O. Wilde)



