mkstemp
Henry Cejtin
henry@sourcelight.com
Thu, 21 Jun 2001 17:36:39 -0500
Strange about the 0600 vs. 0666. The manual says earlier versions of glibc
use 0666 but newer ones use 0600. I would argue that you pretty much never
want to use anything besides 0666 and 0777, with any extra security being
handled by the umask. Still, it all depends on how paranoid you want to be.
If you look at the info entry for mkstemp, it says:
The file is opened using mode `0600'. If the file is meant
to be used by other users this mode must be changed
explicitly.
Anyway, it isn't a big deal since either way if you care about it you just
call open directly. As to the mode, I would just leave mkstemp as in the C
case. After all, it is what people expect, and it is just a trade-off
between flexibility and convenience.
By the way, looking at the info pages I see that there is a mkdtemp()
function, but no man page. That uses mode 0700 (again, minus umask). I
don't think I would bother with mkdtemp(), just because it isn't useful that
often. For that you can just use Posix.FileSys.mkdir.
As to the source to mkstemp, you don't want to do the Random.seed on every
call to tempName, do you? If so, then it really MUST be /dev/urandom, not
/dev/random. Also 100 tries isn't enough. Also, you have to detect the
reason for the failure. Looping is the right thing to do (I would probably
go forever) if it fails by EEXIST, but for other errors you want to fail
right away, no retries. (The usual case is failure because of permissions.)
To me, the only question is if you should have mkstemp return both an in and
out stream.
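The retry policy the message argues for (a fresh random name on every attempt, loop only on EEXIST, fail immediately on any other error, draw randomness from /dev/urandom rather than /dev/random, create with mode 0600 and O_EXCL) is shown below as a C example written for this page. It is not code from the original message, from glibc, or from MLton, and it assumes a writable /tmp plus constructed path names (example.XXXXXX and the nonexistent directory in demo_fails_fast):

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Example implementation for illustration only (not glibc's, not MLton's). */

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Overwrite the trailing run of 'X' characters in tmpl with characters drawn
 * from /dev/urandom.  /dev/random may block waiting for entropy, which is the
 * wrong behaviour for something called on every tempName.
 * Returns the number of X's replaced, or -1 with errno set. */
static int randomize_suffix(char *tmpl) {
    size_t len = strlen(tmpl);
    size_t nx = 0;
    unsigned char buf[64];
    while (nx < len && tmpl[len - 1 - nx] == 'X') nx++;
    if (nx < 6) { errno = EINVAL; return -1; }   /* too little name space to loop on */
    if (nx > sizeof buf) nx = sizeof buf;         /* only the last 64 X's are randomized */

    int rfd = open("/dev/urandom", O_RDONLY);
    if (rfd < 0) return -1;
    size_t got = 0;
    while (got < nx) {
        ssize_t n = read(rfd, buf + got, nx - got);
        if (n <= 0) { int e = (n == 0) ? EIO : errno; close(rfd); errno = e; return -1; }
        got += (size_t)n;
    }
    close(rfd);
    /* Modulo bias is negligible here: the goal is an unpredictable name, not a key. */
    for (size_t i = 0; i < nx; i++)
        tmpl[len - nx + i] = ALPHABET[buf[i] % (sizeof ALPHABET - 1)];
    return (int)nx;
}

/* mkstemp-style creation: a fresh random name on every attempt, O_EXCL so an
 * existing file is never opened, mode 0600 (the umask still applies).
 * Retries forever on EEXIST, as the message suggests; any other error
 * (EACCES, ENOENT, ...) is returned at once, because retrying cannot fix it. */
int safe_mkstemp(char *tmpl) {
    for (;;) {
        if (randomize_suffix(tmpl) < 0) return -1;
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;
    }
}

/* Demo: create a temp file under dir, verify no mode bits beyond 0600 are set,
 * remove it and return 1; return 0 on any failure. */
int demo_create_and_check(const char *dir) {
    char tmpl[256];
    if (snprintf(tmpl, sizeof tmpl, "%s/example.XXXXXX", dir) >= (int)sizeof tmpl) return 0;
    int fd = safe_mkstemp(tmpl);
    if (fd < 0) return 0;
    struct stat st;
    int ok = fstat(fd, &st) == 0 && (st.st_mode & 0777 & ~0600) == 0;
    close(fd);
    unlink(tmpl);
    return ok;
}

/* Demo: a directory that does not exist (constructed path).  The call must
 * fail on the first attempt with an error other than EEXIST, not spin. */
int demo_fails_fast(void) {
    char tmpl[] = "/nonexistent-dir-for-example/example.XXXXXX";
    int fd = safe_mkstemp(tmpl);
    return fd < 0 && errno != EEXIST;
}

int main(void) {
    char tmpl[] = "/tmp/example.XXXXXX";
    int fd = safe_mkstemp(tmpl);
    if (fd < 0) { perror("safe_mkstemp"); return 1; }
    printf("created %s\n", tmpl);
    close(fd);
    unlink(tmpl);
    return 0;
}
```

The two demo functions exercise the two branches that matter: a successful creation whose mode is no wider than 0600, and a permissions-style failure that returns immediately instead of looping.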