[m-rev.] for review: Implement secure temporary file creation for .NET.
paul at bone.id.au
Mon May 9 10:50:38 AEST 2016
On Fri, May 06, 2016 at 05:29:27PM +0800, Sebastian Godelet wrote:
> I've applied my previous changes to the do_make_temp predicate for C#.
> While going through the C implementation I noticed that the call to mkstemp is violating the functional contract,
> namely that XXXXXX needs to be at the end of the string. This seems to work since Suffix is "" in the usual case.
> IMHO Suffix just should be removed (as using Suffix != "" will not work at the moment anyway).
Someone else suggested this; however, once fixed for C (see my comment about
mkstemps below) the only unsupported backend is Erlang, which can probably
be fixed easily also.
> Implement secure temporary file creation for .NET.
> Re-write do_make_temp/9 for C#, using the same mechanism as
> Implement Prefix for do_make_temp_directory (C#).
> Add a comment on why using Suffix for the C code will cause
> diff --git a/library/io.m b/library/io.m
> index 3b96cef..e0e5e9e 100644
> --- a/library/io.m
> +++ b/library/io.m
> @@ -10560,7 +10570,7 @@ import java.util.Random;
> MR_Word filename_word;
> int flags;
> - len = strlen(Dir) + 1 + 5 + 6 + strlen(Suffix) + 1;
> + len = strlen(Dir) + strlen(Sep) + 5 + 6 + strlen(Suffix) + 1;
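Review bot: the bare literals 5 and 6 in the new len expression are still unexplained, even though the separator is now measured with strlen(Sep) instead of a hard-coded 1. Please name them or add a comment saying which part of the template each one covers (presumably a fixed prefix and the XXXXXX run), so that a later change to the template cannot silently under-allocate the buffer that the final + 1 terminates.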
> @@ -10744,6 +10843,9 @@ import java.util.Random;
> #ifdef MR_HAVE_MKDTEMP
> int err;
> + /* XXX mkdtemp assumes that XXXXXX is at the end of the template,
> + * and mkstemps is used for this purpose instead.
> + */
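Review bot: the comment added under #ifdef MR_HAVE_MKDTEMP is misleading where it says "mkstemps is used for this purpose instead". mkstemps creates a regular file, not a directory, and nothing in the visible lines calls it, so the sentence reads as if a working alternative already exists. Suggest stating the limitation directly, for example that a non-empty Suffix is not supported on this path because mkdtemp requires the template to end in XXXXXX, and keeping the XXX marker so the open issue stays visible.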
Although mkstemps is non-standard, it's still a realistic alternative
since we already support systems without mkstemp. So we'd continue to
support two implementations: generate names ourselves and use open /
mkstemps. I'll make this a separate proposal.
Your changes look good. I'll give them a quick test and commit them.
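
Added example, not part of the original message or of the Mercury library: a C sketch of the two points discussed in this thread, that mkstemp() rejects a template whose XXXXXX is not at the end, and the "generate names ourselves and use open" fallback that can carry a suffix. The function names, the /tmp paths and the use of /dev/urandom are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if mkstemp() refuses a template with text after XXXXXX. */
int mkstemp_rejects_suffix(void)
{
    char tmpl[] = "/tmp/mtmp_XXXXXX.txt";   /* constructed sample template */
    int fd = mkstemp(tmpl);
    if (fd >= 0) { close(fd); unlink(tmpl); return 0; }
    return errno == EINVAL;
}

/* Hypothetical helper: exclusively create dir/prefix<6 random chars>suffix
 * with mode 0600. Returns an open fd and fills path, or -1 with errno set. */
int make_temp_suffix(const char *dir, const char *prefix, const char *suffix,
                     char *path, size_t pathlen)
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    int saved;
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0) return -1;
    for (int attempt = 0; attempt < 100; attempt++) {
        unsigned char raw[6];
        char name[7];
        if (read(rnd, raw, sizeof raw) != 6) { errno = EIO; break; }
        /* The modulo leaves a slight bias; acceptable for name uniqueness. */
        for (int i = 0; i < 6; i++) name[i] = alphabet[raw[i] % 62];
        name[6] = '\0';
        int n = snprintf(path, pathlen, "%s/%s%s%s", dir, prefix, name, suffix);
        if (n < 0 || (size_t) n >= pathlen) { errno = ENAMETOOLONG; break; }
        /* O_CREAT|O_EXCL is atomic: an existing file or symlink fails. */
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) { close(rnd); return fd; }
        if (errno != EEXIST) break;         /* only a name clash is retried */
    }
    saved = errno;                          /* close() may overwrite errno */
    close(rnd);
    errno = saved;
    return -1;
}
```

The caller owns the returned descriptor and is responsible for unlinking the path when done.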