file tempfile
in [TCL]
|
From: echm on 17 Oct 2009 12:12 I expected the new 8.6-command "file tempfile" (tip #210) to use the extension provided in the template but apparently it doesn't (bin) 63 % file tempfile filename root.ext filee74f58 (bin) 64 % puts $filename E:/DOKUME~1/user/LOKALE~1/Temp/root52038.TMP I was expecting E:/DOKUME~1/user/LOKALE~1/Temp/root52038.log
From: echm on 17 Oct 2009 12:15 Well of course I was expecting E:/DOKUME~1/user/LOKALE~1/Temp/root52038.ext
From: Donal K. Fellows on 17 Oct 2009 12:51 On 17 Oct, 10:12, echm <e...(a)gmx.de> wrote: > I expected the new 8.6-command "file tempfile" (tip #210) to use the > extension provided in the template but apparently it doesn't The low-level OS API for making temporary files is a bit messy (and in different ways on different platforms too); picking the extension just isn't always possible without much more complexity. Sorry about that. (You might be able to [file rename] to the right extension if you close the channel.) Donal.
From: tom.rmadilo on 19 Oct 2009 14:57 On Oct 17, 9:15 am, echm <e...(a)gmx.de> wrote: > Well of course I was expecting > E:/DOKUME~1/user/LOKALE~1/Temp/root52038.ext I assume that the implementation reflects one of the old mktemp and/or tempnam system functions. So what you need to do is to provide a "template" for the filename, where the last six characters are XXXXXX. So '/tmp/rootXXXXXX' is what you would supply, and the return would replace the X's with a unique number. At the time of generation of the filename, it will be unique, but since the open call is separate, it is possible, in theory, for an attacker to create a security issue. On windows, the issue isn't quite as bad since filenames are unique pointers to files on disk. On *nix systems, an attacker could link / tmp/root12454 to /etc/passwd, or any other file. The attacker doesn't even need rights on the target file. I think Tcl uses safer versions of this (using file descriptors) when it creates temporary files for things like exec pipe buffering. Unfortunately the internal code isn't exported to Tcl.
|
Pages: 1 Prev: http::geturl intermittent hang - looks for ideas... Next: Tree control |