Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C++ > temporary file

Reply
Thread Tools

temporary file

 
 
Philipp Kraus
Guest
Posts: n/a
 
      11-26-2010
Hello,

how can I created a temporary (unique) file? I have used the C function
tmpnam, but my newer gcc shows a warning, that the using is dangerous.
So I would like to switch to mkstemp(), but this function is not in the
standard.

I have written a logger class which creates on a static attribute
(std::string logger::m_filename = tmpnam(NULL) the temporary
filename and if there is a log entry the file is created. My code
should be run / compile under posix- and Windows systems so how can I
create (optimal a fstream) with a temporary file, which can only read
by the owner and is not delete after the program is finished?

Thanks

Phil

 
Reply With Quote
 
 
 
 
Andrea Crotti
Guest
Posts: n/a
 
      11-26-2010
On 26 Nov, 11:20, Philipp Kraus <(E-Mail Removed)> wrote:
> Hello,
>
> how can I created a temporary (unique) file? I have used the C function
> tmpnam, but my newer gcc shows a warning, that the using is dangerous.
> So I would like to switch to mkstemp(), but this function is not in the
> standard.
>
> I have written a logger class which creates on a static attribute
> (std::string logger::m_filename *= tmpnam(NULL) the temporary
> filename and if there is a log entry the file is created. My code
> should be run / compile under posix- and Windows systems so how can I
> create (optimal a fstream) with a temporary file, which can only read
> by the owner and is not delete after the program is finished?
>
> Thanks
>
> Phil


First result in google
http://www.cplusplus.com/reference/c...stdio/tmpfile/

 
Reply With Quote
 
 
 
 
Philipp Kraus
Guest
Posts: n/a
 
      11-26-2010
On 2010-11-26 12:00:30 +0100, Andrea Crotti said:

> On 26 Nov, 11:20, Philipp Kraus <(E-Mail Removed)> wrote:
>> Hello,
>>
>> how can I created a temporary (unique) file? I have used the C function
>> tmpnam, but my newer gcc shows a warning, that the using is dangerous.
>> So I would like to switch to mkstemp(), but this function is not in the
>> standard.
>>
>> I have written a logger class which creates on a static attribute
>> (std::string logger::m_filename *= tmpnam(NULL) the temporary
>> filename and if there is a log entry the file is created. My code
>> should be run / compile under posix- and Windows systems so how can I
>> create (optimal a fstream) with a temporary file, which can only read
>> by the owner and is not delete after the program is finished?
>>
>> Thanks
>>
>> Phil

>
> First result in google
> http://www.cplusplus.com/reference/c...stdio/tmpfile/
>


tmpfile creates a file and delete after the stream is closed, but I
need - see my first post - a tempfile which is not deleted.

Thx

Phil

 
Reply With Quote
 
Goran
Guest
Posts: n/a
 
      11-26-2010
On Nov 26, 11:20*am, Philipp Kraus <(E-Mail Removed)> wrote:
> Hello,
>
> how can I created a temporary (unique) file? I have used the C function
> tmpnam, but my newer gcc shows a warning, that the using is dangerous.
> So I would like to switch to mkstemp(), but this function is not in the
> standard.
>
> I have written a logger class which creates on a static attribute
> (std::string logger::m_filename *= tmpnam(NULL) the temporary
> filename and if there is a log entry the file is created. My code
> should be run / compile under posix- and Windows systems so how can I
> create (optimal a fstream) with a temporary file, which can only read
> by the owner and is not delete after the program is finished?


Is there something wrong with tmpnam + fopen?

Goran.
 
Reply With Quote
 
gwowen
Guest
Posts: n/a
 
      11-26-2010
On Nov 26, 12:18*pm, Goran <(E-Mail Removed)> wrote:
> Is there something wrong with tmpnam + fopen?


Potential for race conditions between the call to tmpnam() and the
call to fopen(), leading to insecure code or potential Denial Of
Service in the face of a belligerent user.
 
Reply With Quote
 
Philipp Kraus
Guest
Posts: n/a
 
      11-26-2010
On 2010-11-26 13:29:23 +0100, gwowen said:

> On Nov 26, 12:18*pm, Goran <(E-Mail Removed)> wrote:
>> Is there something wrong with tmpnam + fopen?

>
> Potential for race conditions between the call to tmpnam() and the
> call to fopen(), leading to insecure code or potential Denial Of
> Service in the face of a belligerent user.


Yes, that's my problem. I have a multithreading code, which should
write down the log message in one (unique) file. I would like to create
a unique filename. Is there a cross-plattform function to create this
name? Or should I create a own function which call's a mersenne twister
or the random device?

Thx

Phil

 
Reply With Quote
 
Jorgen Grahn
Guest
Posts: n/a
 
      11-27-2010
On Fri, 2010-11-26, Philipp Kraus wrote:
> On 2010-11-26 13:29:23 +0100, gwowen said:
>
>> On Nov 26, 12:18*pm, Goran <(E-Mail Removed)> wrote:
>>> Is there something wrong with tmpnam + fopen?

>>
>> Potential for race conditions between the call to tmpnam() and the
>> call to fopen(), leading to insecure code or potential Denial Of
>> Service in the face of a belligerent user.

>
> Yes, that's my problem. I have a multithreading code, which should
> write down the log message in one (unique) file. I would like to create
> a unique filename. Is there a cross-plattform function to create this
> name? Or should I create a own function which call's a mersenne twister
> or the random device?


But - but - but ... why do you feel the name of the file must be
unpredictable, when you intend to hand it to the user? How are you
going to document it? "If you want to read the log messages, look in
all recently created files with funny names"?

Look at how strace and valgrind (on Unix) treat their log files. I
hope what you want is actually something similar.

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
 
Reply With Quote
 
Philipp Kraus
Guest
Posts: n/a
 
      11-28-2010
On 2010-11-27 12:03:48 +0100, Jorgen Grahn said:

> On Fri, 2010-11-26, Philipp Kraus wrote:
>> On 2010-11-26 13:29:23 +0100, gwowen said:
>>
>>> On Nov 26, 12:18*pm, Goran <(E-Mail Removed)> wrote:
>>>> Is there something wrong with tmpnam + fopen?
>>>
>>> Potential for race conditions between the call to tmpnam() and the
>>> call to fopen(), leading to insecure code or potential Denial Of
>>> Service in the face of a belligerent user.

>>
>> Yes, that's my problem. I have a multithreading code, which should
>> write down the log message in one (unique) file. I would like to create
>> a unique filename. Is there a cross-plattform function to create this
>> name? Or should I create a own function which call's a mersenne twister
>> or the random device?

>
> But - but - but ... why do you feel the name of the file must be
> unpredictable, when you intend to hand it to the user? How are you
> going to document it? "If you want to read the log messages, look in
> all recently created files with funny names"?


I would have got a name like <programname> . <uniquenumber> . log
in the temporary path. I have read the boost documentation to find out
the temp-path, but it seems
in the newest release there is no function.

I think there is no native interface to read the temporary path or
create a unique filename with some constraints

Thanks

Phil


 
Reply With Quote
 
Fred Zwarts
Guest
Posts: n/a
 
      11-29-2010
"Philipp Kraus" <(E-Mail Removed)> wrote in message
news:icoth9$qfo$(E-Mail Removed)
> On 2010-11-26 13:29:23 +0100, gwowen said:
>
>> On Nov 26, 12:18 pm, Goran <(E-Mail Removed)> wrote:
>>> Is there something wrong with tmpnam + fopen?

>>
>> Potential for race conditions between the call to tmpnam() and the
>> call to fopen(), leading to insecure code or potential Denial Of
>> Service in the face of a belligerent user.

>
> Yes, that's my problem. I have a multithreading code, which should
> write down the log message in one (unique) file. I would like to
> create a unique filename. Is there a cross-plattform function to
> create this name? Or should I create a own function which call's a
> mersenne twister or the random device?


Can't you place the call to tmpnam() and the call to fopen() in one critical section guarded with a mutex to remove the race condition?
 
Reply With Quote
 
gwowen
Guest
Posts: n/a
 
      11-29-2010
On Nov 29, 8:29*am, "Fred Zwarts" <(E-Mail Removed)> wrote:
> Can't you place the call to tmpnam() and the call to fopen() in one critical section guarded with a mutex to remove the race condition?


The problem isn't a race within one's own code. That could be dealt
with by your methods. The problem is this.

Your code
---------
call tmpnam(), get /tmp/pattern_43234532523, say
Attackers code
--------------
Flood /tmp with symbolic links named
pattern_XXXXXXX, all pointing to a
critical file of yours

call fopen(/tmp/pattern_43234532523,"w")

Oops, you've now truncated your critical file to length zero...
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
anonymous array of strings // ("taking address of temporary"- how long is temporary valid?) anon.asdf@gmail.com C++ 7 02-12-2008 10:58 AM
can I modify a file without using a temporary file Lin Jingxian Perl Misc 2 05-09-2005 01:30 PM
Temporary File Names Bob Morris ASP .Net 3 11-29-2003 06:31 AM
Redirect to a temporary file in my app folder (or subfolder) Philippe Meunier ASP .Net 3 10-18-2003 03:28 AM
creating a temporary file in clustered web farm sudha ASP .Net 1 07-08-2003 12:00 AM



Advertisments