[m-rev.] for review: Improve Mercury's temporary files and directories predicates.

Peter Wang novalazy at gmail.com
Wed Apr 13 14:29:06 AEST 2016


On Wed, 13 Apr 2016 13:34:11 +1000, Paul Bone <paul at bone.id.au> wrote:
> For review by anyone.
> 
> I don't really know C# and have even less knowledge of Erlang.  I've not
> implemented these for the Erlang backend and a reviewer may wish to
> scrutinze the C# code in particular.
> 
> Thanks.
> 
> ---
> 
> Improve Mercury's temporary files and directories predicates.
> 
>  + Add support for retriving the system/user's temporary directory.
>  + Add support for creating temporary directories.
> 
> library/io.m:
>     Add temp_directory/3

get_temp_directory seems to fit the rest of io.m better.

> diff --git a/library/io.m b/library/io.m
> index b685315..3195532 100644
> --- a/library/io.m
> +++ b/library/io.m
> @@ -1312,8 +1312,65 @@
>      % It is the responsibility of the program to delete the file when it is
>      % no longer needed.
>      %
> -    % The file will reside in an implementation-dependent directory.
> -    % For current Mercury implementations, it is determined as follows:
> +    % The file is placed in the directory returned by temp_directory/3.
> +    %
> +    % This is insecure on the Erlang backend, file permissions are not set
> +    % properly.
> +    %
> +:- pred make_temp(string::out, io::di, io::uo) is det.
> +
> +    % make_temp(Dir, Prefix, Name, !IO) creates an empty file whose
> +    % name is different to the name of any existing file. The file will reside
> +    % in the directory specified by `Dir' and will have a prefix using up to
> +    % the first 5 characters of `Prefix'. Name is bound to the name of the
> +    % file. It is the responsibility of the program to delete the file
> +    % when it is no longer needed.
> +    %
> +    % The C# backend has the following limitations:
> +    %   + Dir is ignored.
> +    %   + Prefix is ignored.
> +    %
> +    % This is insecure on the Erlang backend, file permissions are not set
> +    % properly.
> +    %
> +:- pred make_temp(string::in, string::in, string::out, io::di, io::uo)
> +    is det.
> +

The documentation more commonly uses hyphens for bullets.

I don't like "insecure" as it implies that everything else is somehow
"secure".  Some would consider the entire make_temp interface "insecure"
as it returns a filename instead of an open file descriptor.  The
non-mkstemp C implementation produces highly guessable paths, too.

"properly" is too vague.  Please state exactly what it does wrong,
e.g. the temporary file is not created with mode 0600.

Peter


More information about the reviews mailing list