When TIP 210 was discussed in
2006, security issues were raised
for implementations based on
mkstemp(). Since some branches
of the committed implementation
do appear to be based on mkstemp(),
are those issues relevant?
Please review and comment.
The FD returned by mkstemp() is the one that gets formed into a Tcl_Channel. But if you're creating a temporary file to use with an external API that requires a filename (they exist, alas) then you have to be able to get the filename as well. This is why the result of [file tempfile] is a channel name and you're allowed to give a variable name to get the filename if you want.
Of slightly more concern is the fact that we may use the filename internally before returning to the script level (to unlink the file so it will get cleaned up on close) but I'm not sure what to do about that. Improvements welcome.
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.