| Ticket UUID: | 999162 | |||
| Title: | TIP#210: Add tempname subcommand to file | |||
| Type: | Patch | Version: | TIP Implementation | |
| Submitter: | techentin | Created on: | 2004-07-28 05:13:25 | |
| Subsystem: | 16. Commands A-H | Assigned To: | dkf | |
| Priority: | 5 Medium | Severity: | ||
| Status: | Closed | Last Modified: | 2008-11-30 01:24:22 | |
| Resolution: | Fixed | Closed By: | dkf | |
| Closed on: | 2008-11-29 18:24:22 | |||
| Description: |
This patch adds a new tempname subcommand to the file command. The patch changes generic/tclCmdAH.c and generic/tclFCmd.c, adding a new command and function, which essentially calls the ANSI function tmpnam(). Changes to the file.n man page and test suite are included. The Linux Programmer's Manual (Linux man pages) isn't very flattering towards tmpnam(). It basically says to use mkstemp() instead, but that function is POSIX instead of ANSI C. | |||
| User Comments: |
dkf added on 2008-11-30 01:24:22:
Implemented. At C level, we're using mkstemps() or mkstemp() on Unix, and something fairly horrible on Win (which still has the right security properties). matzek added on 2008-11-22 00:19:31: I think there is no need to go into C level. Have a look at tcllibs ::fileutil::tempfile for Tcl only implementation that's fine with regard to race conditions and security. Please stay away from tmpnam() and friends. Consider: * http://cwe.mitre.org/data/definitions/377.html * https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/861-BSI.html mkstemp() is the only way to go at C-Level... kind regards -- Matthias Kraft dkf added on 2008-11-20 17:29:46: Need to update to use mkstemp() or something like that. techentin added on 2004-07-28 12:13:26: File Added - 95502: file-tempname.patch | |||
Attachments:
- file-tempname.patch [download] added by techentin on 2004-07-28 12:13:25. [details]