[fpc-pascal] GetTempFileName in Linux
Michael Van Canneyt
michael at freepascal.org
Wed Oct 6 11:59:53 CEST 2010
On Wed, 6 Oct 2010, Jonas Maebe wrote:
>
> On 06 Oct 2010, at 11:05, Michael Van Canneyt wrote:
>
>> On Wed, 6 Oct 2010, Jonas Maebe wrote:
>>
>>> On 06 Oct 2010, at 09:41, Michael Van Canneyt wrote:
>>>
>>>> This is always true on Unix, the only way to make sure is to have the
>>>> kernel create the temporary name and file for you. Unix - to my knowledge -
>>>> does not have a way to create and lock a file in one atomic operation; there
>>>> are always 2 operations involved, and so anything can happen between the 2
>>>> calls.
>>>
>>> You can at least open a file with O_CREAT|O_EXCL|O_NOFOLLOW to make sure
>>> that it does not yet exist at the point that you create it (and that it's
>>> not a symlink either).
>>
>> This is correct, but doesn't lock the file,
>
> Locking is always advisory on Unix, so that doesn't matter anyway.
>
>> and so it doesn't prevent
>> someone from 'stealing' the file before the lock is applied.
>
> Nobody else can steal the file once you have created it, because they won't
> be the owner nor have the necessary permissions. That is the main security
> risk and it is solved by this approach. The fact that another process running
> under your login not using O_EXCL could overwrite it is not an extra security
> risk (if you have a rogue process running under your login, nothing that you
> do is safe because it can use ptrace to modify any process in any way it sees
> fit anyway).

And that is why I think the whole point is hugely exaggerated :-)
But it doesn't mean we shouldn't do our best to make it minimally safe.

Michael.