Thomas Witt wrote:
Hi Alberto,

Alberto Barbati wrote:

Hi,

first of all, I want to thank Beman Dawes and all others who contributed to the design and development of the Filesystem library. It's a wonderful piece of work.

I would just like to propose a couple of additions that I believe are very useful. Both features concern temporary files.

First proposal: I propose to add a function with a signature of this kind:

path generate_path_for_temp_file();

IIRC functions like this are considered a bad idea. They are subject to race conditions and a potential security problem.

I agree with you that the functionality would be really helpful. The usual solution to the race condition problem would be to have a function that returns a stream. See mkstemp on POSIX. Win32 has a similar facility.

Then what do you think about my second proposal? (the tempstream class that was in the attachment.) The best thing to do would be to have that one implemented as a "primitive" and not implementing generate_path_for_temp_file() at all. However, that is not easily achievable in a portable way, because the interface of std::basic_fstream takes a pathname and not a stream id or FILE* :-(
Moreover, there's no way to specify that the file is to be opened exclusively, so complete security will never be guaranteed if we derive from std::basic_fstream.

The weak link here is the std::basic_filebuf class; is there someone out there who wants to write a (possibly portable) replacement of basic_filebuf that overcomes these limitations? It seems an interesting but huge task to me.

By the way, the Win32 facility that you are talking about is GetTempFileName()? That function creates the file but does not open it, so it's different from mkstemp() that also opens the file exclusively. So GetTempFileName() is only safe against non-malicious race conditions.

On the other hand, mkstemp() can easily be downgraded to GetTempFileName() by just keeping the pathname and closing the file ;)

Alberto
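The approach discussed in the thread (skip generate_path_for_temp_file() entirely, let mkstemp() create and open the file in one exclusive step, and wrap the resulting descriptor in a custom streambuf instead of going through std::basic_fstream) can be sketched in a few dozen lines. The following is an added example, not Boost code and not the tempstream attachment from the original mail; the class names fd_streambuf, tempstream, open_exclusive and the helper functions roundtrip and temp_file_mode are hypothetical, and the code is POSIX-only (mkstemp, write, read, lseek, fstat, unlink).

```cpp
#include <cstdlib>
#include <iostream>
#include <iterator>
#include <streambuf>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// Minimal streambuf over a POSIX file descriptor: writes go straight to
// write(2), reads come through a small buffer. Hypothetical helper name.
class fd_streambuf : public std::streambuf {
public:
    explicit fd_streambuf(int fd) : fd_(fd) { setg(rbuf_, rbuf_, rbuf_); }
    ~fd_streambuf() override { if (fd_ >= 0) ::close(fd_); }
    int fd() const { return fd_; }
    void discard_input() { setg(rbuf_, rbuf_, rbuf_); }  // drop buffered bytes after a seek
protected:
    int_type overflow(int_type ch) override {
        if (traits_type::eq_int_type(ch, traits_type::eof())) return traits_type::not_eof(ch);
        char c = traits_type::to_char_type(ch);
        return ::write(fd_, &c, 1) == 1 ? ch : traits_type::eof();
    }
    std::streamsize xsputn(const char* s, std::streamsize n) override {
        std::streamsize done = 0;
        while (done < n) {
            ssize_t w = ::write(fd_, s + done, static_cast<size_t>(n - done));
            if (w <= 0) break;
            done += w;
        }
        return done;
    }
    int_type underflow() override {
        if (gptr() < egptr()) return traits_type::to_int_type(*gptr());
        ssize_t r = ::read(fd_, rbuf_, sizeof rbuf_);
        if (r <= 0) return traits_type::eof();
        setg(rbuf_, rbuf_, rbuf_ + r);
        return traits_type::to_int_type(*gptr());
    }
private:
    int fd_;
    char rbuf_[256];
};

// tempstream: the file is created and opened in one step by mkstemp(3)
// (O_CREAT|O_EXCL, mode 0600), so there is no window between "pick a name"
// and "open it" in which the path could be pre-created or replaced. The name
// is never reused to reopen the file, and the file is unlinked on destruction.
class tempstream : public std::iostream {
public:
    explicit tempstream(const std::string& dir = default_dir())
        : std::iostream(nullptr), buf_(open_exclusive(dir, path_)) {
        rdbuf(&buf_);
        if (buf_.fd() < 0) setstate(std::ios::failbit);
    }
    ~tempstream() override { if (!path_.empty()) ::unlink(path_.c_str()); }
    // Seek back to the start so what was written can be read back.
    bool rewind() {
        clear();
        if (::lseek(buf_.fd(), 0, SEEK_SET) != 0) return false;
        buf_.discard_input();
        return true;
    }
    // Permission bits as set on the open descriptor (checked via fstat, not the path).
    unsigned permission_bits() const {
        struct stat st;
        return ::fstat(buf_.fd(), &st) == 0 ? static_cast<unsigned>(st.st_mode & 0777) : 0u;
    }
    static std::string default_dir() {
        const char* t = std::getenv("TMPDIR");
        return t && *t ? t : "/tmp";
    }
private:
    static int open_exclusive(const std::string& dir, std::string& out_path) {
        std::string tmpl = dir + "/tsXXXXXX";
        std::vector<char> name(tmpl.begin(), tmpl.end());
        name.push_back('\0');
        int fd = ::mkstemp(name.data());   // atomically creates and opens, mode 0600
        if (fd >= 0) out_path.assign(name.data());
        return fd;
    }
    std::string path_;    // declared before buf_ so open_exclusive can fill it first
    fd_streambuf buf_;
};

// Write a payload, rewind, and read it back through the same exclusive descriptor.
std::string roundtrip(const std::string& payload) {
    tempstream ts;
    if (!ts) return "";
    ts << payload;
    if (!ts.rewind()) return "";
    return std::string(std::istreambuf_iterator<char>(ts), std::istreambuf_iterator<char>());
}

// Permission bits of a freshly created temp file (mkstemp gives 0600).
unsigned temp_file_mode() {
    tempstream ts;
    return ts ? ts.permission_bits() : 0u;
}

int main() {
    std::cout << roundtrip("hello, exclusive temp file") << '\n';
    std::cout << std::oct << temp_file_mode() << '\n';
}
```

The point of keeping the descriptor rather than the path is exactly the "downgrade" Alberto mentions in reverse: everything the stream does later goes through the fd that mkstemp() handed back, so no second open by name ever happens. The permission check uses fstat() on that fd for the same reason.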



_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost