From: SourceForge.net <no...@so...> - 2008-11-29 18:24:26
Patches item #999162, was opened at 2004-07-28 06:13
Message generated for change (Comment added) made by dkf
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=310894&aid=999162&group_id=10894

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: 16. Commands A-H
Group: TIP Implementation
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Bob Techentin (techentin)
Assigned to: Donal K. Fellows (dkf)
Summary: TIP#210: Add tempname subcommand to file

Initial Comment:
This patch adds a new tempname subcommand to the file command. The patch changes generic/tclCmdAH.c and generic/tclFCmd.c, adding a new command and function, which essentially calls the ANSI function tmpnam(). Changes to the file.n man page and test suite are included.

The Linux Programmer's Manual (Linux man pages) isn't very flattering towards tmpnam(). It basically says to use mkstemp() instead, but that function is POSIX instead of ANSI C.

----------------------------------------------------------------------

>Comment By: Donal K. Fellows (dkf)
Date: 2008-11-29 18:24

Message:
Implemented. At C level, we're using mkstemps() or mkstemp() on Unix, and something fairly horrible on Win (which still has the right security properties).

----------------------------------------------------------------------

Comment By: Matthias Kraft (matzek)
Date: 2008-11-21 17:19

Message:
I think there is no need to go into C level. Have a look at tcllib's ::fileutil::tempfile for a Tcl-only implementation that's fine with regard to race conditions and security.

Please stay away from tmpnam() and friends. Consider:
* http://cwe.mitre.org/data/definitions/377.html
* https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/861-BSI.html

mkstemp() is the only way to go at C-Level...

kind regards
--
Matthias Kraft

----------------------------------------------------------------------

Comment By: Donal K. Fellows (dkf)
Date: 2008-11-20 10:29

Message:
Need to update to use mkstemp() or something like that.

----------------------------------------------------------------------
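
The difference the thread turns on, as an added example that is not code from the patch or from Tcl: mkstemp() picks the name and creates the file in one step, while a tmpnam()-style caller has to add an exclusive open itself. The function names, the /tmp directory and the tipdemo_ prefix are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create and open a temp file in one atomic step.
 * Returns an open fd and leaves the chosen name in path, or -1 on error. */
int safe_temp_file(const char *dir, const char *prefix, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/%sXXXXXX", dir, prefix);
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    mode_t old = umask(077);   /* very old libcs did not force mode 0600 */
    int fd = mkstemp(path);    /* name choice and exclusive create together */
    int saved = errno;
    umask(old);
    errno = saved;
    return fd;
}

/* Hypothetical helper: what a caller holding only a name (as tmpnam()
 * returns) must do. O_CREAT|O_EXCL makes open() fail with EEXIST if a file
 * or symbolic link appeared at that name after it was chosen. */
int open_chosen_name(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    char path[256];
    int fd = safe_temp_file("/tmp", "tipdemo_", path, sizeof path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s\n", path);

    /* The name is taken now, so an exclusive open of it is refused. */
    int fd2 = open_chosen_name(path);
    printf("exclusive open of same name: %s\n",
           fd2 < 0 ? strerror(errno) : "opened");
    if (fd2 >= 0) close(fd2);

    close(fd);
    unlink(path);
    return 0;
}
```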