TIP#210: Add tempname subcommand to file

The Tool Command Language implementation

Brought to you by: andreas_kupries, apnadkarni, bgriffin, das, and 10 others

#360 TIP#210: Add tempname subcommand to file

Milestone: TIP Implementation

Status: closed-fixed

Owner: Donal K. Fellows

Labels: 16. Commands A-H (12)

Priority: 5

Updated: 2008-11-29

Created: 2004-07-28

Creator: Bob Techentin

Private: No

This patch adds a new tempname subcommand to the file command.

The patch changes generic/tclCmdAH.c and generic/tclFCmd.c, adding a new command and function, which essentially calls the ANSI function tmpnam().

Changes to the file.n man page and test suite are included.

The Linux Programmer's Manual (Linux man pages) isn't very flattering towards tmpnam(). It basically says to use mkstemp() instead, but that function is POSIX instead of ANSI C.

Discussion

Bob Techentin - 2004-07-28

file-tempname.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bob Techentin - 2004-07-28

summary: Add file tempname --> Add tempname subcommand to file command
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Donal K. Fellows - 2004-08-04

milestone: --> TIP Implementation
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Donal K. Fellows - 2004-10-28

summary: Add tempname subcommand to file command --> TIP#210: Add tempname subcommand to file
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Donal K. Fellows - 2008-11-20

Need to update to use mkstemp() or something like that.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Matthias Kraft - 2008-11-21

I think there is no need to go into C level. Have a look at tcllibs ::fileutil::tempfile for Tcl only implementation that's fine with regard to race conditions and security.

Please stay away from tmpnam() and friends. Consider:
* http://cwe.mitre.org/data/definitions/377.html
* https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/861-BSI.html

mkstemp() is the only way to go at C-Level...

kind regards -- Matthias Kraft

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Donal K. Fellows - 2008-11-29

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Donal K. Fellows - 2008-11-29

Implemented.

At C level, we're using mkstemps() or mkstemp() on Unix, and something fairly horrible on Win (which still has the right security properties).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: