AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2011.01.10 16:18 "[Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
2011.01.10 16:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
2011.01.10 18:59 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Jeff McKenna
2011.01.10 20:35 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
2011.01.10 20:37 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
2011.01.10 20:54 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Bob Friesenhahn
2011.01.10 21:30 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
2011.01.11 00:01 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Igor Skochinsky
2011.01.11 15:41 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Edward Lam
2011.01.11 16:18 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Olivier Paquet
2011.01.11 16:38 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Igor Skochinsky

2011.01.11 16:18 "Re: [Tiff] Missing mkstemp() on Visual Studio 2008", by Olivier Paquet

On Tue, Jan 11, 2011 at 10:41 AM, Edward Lam <edward@sidefx.com> wrote:

On 1/10/2011 7:01 PM, Igor Skochinsky wrote:

Use instead tmpnam() followed by fopen() with mode "w+bTD" (write, binary, temporary, delete on close).

Good point. However, doesn't using tmpnam() will re-introduce the

possibility of a TOCTOU attack? It took me a while to find the current

CERT recommendation on this [1]. The sad state of affairs as I read it

seems that there is no 100% secure way to create temporary files on

Windows!?

Not if you open using CreateFile() with the CREATE_NEW disposition which causes failure if the file exists. And of course also FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE. Then you _open_osfhandle() and fdopen(). It's a mess but it works.

Olivier