-
2011.01.10 16:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
-
2011.01.10 18:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
-
2011.01.10 20:35 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
- 2011.01.10 20:37 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
- 2011.01.10 20:54 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Bob Friesenhahn
-
2011.01.10 20:35 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
-
2011.01.10 18:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
2011.01.11 16:18 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Olivier Paquet
On Tue, Jan 11, 2011 at 10:41 AM, Edward Lam <edward@sidefx.com> wrote:
On 1/10/2011 7:01 PM, Igor Skochinsky wrote:
Use instead tmpnam() followed by fopen() with mode "w+bTD" (write, binary, temporary, delete on close).
Good point. However, doesn't using tmpnam() will re-introduce the
possibility of a TOCTOU attack? It took me a while to find the current
CERT recommendation on this [1]. The sad state of affairs as I read it
seems that there is no 100% secure way to create temporary files on
Windows!?
Not if you open using CreateFile() with the CREATE_NEW disposition which causes failure if the file exists. And of course also FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE. Then you _open_osfhandle() and fdopen(). It's a mess but it works.
Olivier