[m-rev.] for review: Implement secure temporary file creation for .NET.

[Paul Bone]

On Fri, May 06, 2016 at 05:29:27PM +0800, Sebastian Godelet wrote:
> Hi,
> 
> I've applied my previous changes to the do_make_temp predicate for C#.
> While going through the C implementation I noticed that the call to mkstemp is violating the functional contract,
> namely that XXXXXX needs to be at the end of the string. This seems to work since Suffix is "" in the usual case.
> IMHO Suffix just should be removed (as using Suffix != "" will not work at the moment anyway).

Someone else suggested this, however once fixed for C (see my comment about
mkstemps below) the only unsupported backend is Erlang.  Which can probably
be fixed easily also.

> ---
> Implement secure temporary file creation for .NET.
>     
> library/io.m:
>         Re-write do_make_temp/9 for C#, using the same mechanism as
>         do_make_temp_directory.
>         Implement Prefix for do_make_temp_directory (C#).
>         Add a comment on why using Suffix for the C code will cause
>         problems.
> 
> diff --git a/library/io.m b/library/io.m
> index 3b96cef..e0e5e9e 100644
> --- a/library/io.m
> +++ b/library/io.m
> @@ -10560,7 +10570,7 @@ import java.util.Random;
>      MR_Word filename_word;
>      int     flags;
>  
> -    len = strlen(Dir) + 1 + 5 + 6 + strlen(Suffix) + 1;
> +    len = strlen(Dir) + strlen(Sep) + 5 + 6 + strlen(Suffix) + 1;

Good catch!

> @@ -10744,6 +10843,9 @@ import java.util.Random;
>  #ifdef MR_HAVE_MKDTEMP
>      int err;
>  
> +    /* XXX mkdtemp assumes that XXXXXX is at the end of the template,
> +     * and mkstemps is used for this purpose instead.
> +     */

Although mkstemps is non-standard, it's still a realistic alternative
since we already support systems without mkstemp.  So we'd continue to
support two implementations: generate names ourselves and use open /
mkstemps. - I'll make this a separate proposal.

Your changes look good.  I'll give them a quick test and commit them.

Cheers.


-- 
Paul Bone