[fpc-pascal] GetTempFileName in Linux

Tue Oct 5 19:22:45 CEST 2010

Well, I need to create BMP files with unique name, to be sent to lpr, then printed. 
Instead of using GetTempFileName, I'll use a GUID, with CreateGUID, and GUIDToString.

Leonardo M. Ramé

http://leonardorame.blogspot.com

--- On Tue, 10/5/10, ik <idokan at gmail.com> wrote:

From: ik <idokan at gmail.com>
Subject: Re: [fpc-pascal] GetTempFileName in Linux
To: "FPC-Pascal users discussions" <fpc-pascal at lists.freepascal.org>
Date: Tuesday, October 5, 2010, 2:26 PM

On Tue, Oct 5, 2010 at 17:30, Sven Barth <pascaldragon at googlemail.com> wrote:

Am 05.10.2010 17:20, schrieb Leonardo M. Ramé:

Hi, if I run this program from command line in Linux, I allways get the same result, "/tmp/TMP00000.tmp". Shouldn't it return a different file name each time it's executed?.

How can I get different file names?

program tempfilename;

uses

   sysutils;

begin

   writeln(GetTempFileName);

end.

Did you delete the file after the run of your program? GetTempFileName always starts from 0 and checks whether that file already exists. If not, it returns that name else it continues increasing the index.

That's a security risk, because it is very easy to know what will be the file name. It should return random name that does not exists on a random length (that the developer chooses).

Symlink attack: http://www.infosecwriters.com/texts.php?op=display&id=159 for better understanding.

Regards,

Sven

_______________________________________________

fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org

http://lists.freepascal.org/mailman/listinfo/fpc-pascal

Ido

-----Inline Attachment Follows-----

_______________________________________________
fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20101005/e7753035/attachment.html>