Date: Mon, 06 Sep 2021 13:58:51 -0700
On Monday, 6 September 2021 12:14:28 PDT Andy Little via Std-Discussion wrote:
> As far as I can see there is no standard way to get a temporary file as a
> C++ stream. (Temporary file, as in a unique file which won't affect other
> files on the system.) I looked at std::filesystem but there seems no
> function there to do it.
>
> In Linux I can use tmpnam, but that gives warnings in gcc that it isn't safe
> to use, since there is an outside chance the name will be taken by another
> file before opening. Only other temporary file functions I can find all
> return C file handles.

Right. Any file *name* is subject to TOCTOU attacks. If you're writing to a
world-writable (but sticky) directory, you also need to be certain to prevent
malicious attacks, such as symlink injection. If it's not a world-writable
dir, you may still want to prevent accidental replacement by other faulty
software and other such kinds of race conditions.

Preferably, you *only* refer to this file by its handle (the file descriptor)
and never by its name, because you can't guarantee the file you have won't
have been replaced. If you need another process to open the same file, you
should pass its open file descriptor to the other process, by mechanisms like
file descriptor-passing over Unix sockets. However, as maintainer of
QTemporaryFile, I have discovered people really need the name at some point or
another. So the class will give you a name if you ask for it.

In any case, the conclusion is the same: you need a class that gives you an
open file, ready for writing, with the correct permissions on disk, created in
the right directory. So yes, your proposal makes sense and would be welcome.
Niall probably can add some more thoughts too.

In a similar line, check out Qt's QSaveFile and QLockFile too.

> The stackoverflow answer just suggests you roll your own. Is that the only
> option?
> https://stackoverflow.com/questions/46417264/assigning-a-c-file-handle-to-c-file-stream

Right now, yes.

--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel DPG Cloud Engineering
Received on 2021-09-06 15:58:58
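
The handle-versus-name point in the message above, as an added example (not code from the thread, Qt, or any standard proposal): a POSIX-only sketch that creates the file with `mkstemp()` and then shows that, once something else replaces the name, only the descriptor still refers to the original file. `TempFile`, `make_temp`, `name_still_matches` and `handle_survives_replacement` are hypothetical names chosen for the illustration.

```cpp
// Added example, POSIX only; names such as TempFile are illustrative.
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string>

struct TempFile {
    int fd = -1;
    std::string name;  // informational; never reopen the file by this name
};

// mkstemp() chooses the name and opens it in one step (O_CREAT|O_EXCL, mode
// 0600), so a pre-existing file or symlink at that name is never followed.
TempFile make_temp(const std::string& dir) {
    std::string tmpl = dir + "/example-XXXXXX";
    TempFile t;
    t.fd = mkstemp(&tmpl[0]);  // fills in the X's in place
    if (t.fd >= 0) t.name = tmpl;
    return t;
}

// True only while the name still refers to the file behind the descriptor.
bool name_still_matches(const TempFile& t) {
    struct stat by_fd{}, by_name{};
    if (fstat(t.fd, &by_fd) != 0) return false;
    if (lstat(t.name.c_str(), &by_name) != 0) return false;  // no symlink follow
    return S_ISREG(by_name.st_mode) && by_fd.st_dev == by_name.st_dev &&
           by_fd.st_ino == by_name.st_ino;
}

// Constructed scenario: another program replaces the name after creation.
// Returns true if the check notices and the descriptor still has our data.
bool handle_survives_replacement(const std::string& dir) {
    TempFile t = make_temp(dir);
    if (t.fd < 0) return false;
    bool ok = write(t.fd, "mine", 4) == 4 && name_still_matches(t);
    unlink(t.name.c_str());  // simulated replacement by other software
    int other = open(t.name.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (other < 0) { close(t.fd); return false; }
    ok = ok && write(other, "other", 5) == 5 && !name_still_matches(t);
    char buf[8] = {};
    ok = ok && pread(t.fd, buf, sizeof buf, 0) == 4 && std::string(buf, 4) == "mine";
    close(other);
    close(t.fd);
    unlink(t.name.c_str());
    return ok;
}
```

The device and inode comparison only reports whether the name matched at the moment of the check; anything that later opens the file by name is racing again, which is why the descriptor is the thing to pass around.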