mkstemp

[Henry Cejtin]

Strange  about  the 0600 vs. 0666.  The manual says earlier versions of glibc
use 0666 but newer ones use 0600.  I would argue that you pretty  much  never
want  to  use  anything  besides 0666 and 0777, with any extra security being
handled by the umask.  Still, it all depends on how paranoid you want to  be.
If you look at the info entry for mkstemp, it says:
        The  file  is opened using mode `0600'.  If the file is meant
        to  be  used  by  other  users  this  mode  must  be  changed
        explicitly.
Any  way,  it isn't a big deal since either way if you care about it you just
call open directly.  As to the mode, I would just leave mkstemp as in  the  C
case.   After  all,  it  is  what  people  expect, and it is just a trade off
between flexibility and convenience.

By the way, looking at the info  pages  I  see  that  there  is  a  mkdtemp()
function,  but  no  man  page.   That uses mode 0700 (again, minus umask).  I
don't think I would bother with mkdtemp(), just because it isn't useful  that
often.  For that you can just use use Posix.FileSys.mkdir.

As  to  the  source to mkstemp, you don't want to do the Random.seed on every
call to tempName, do you?  If so, then it really MUST  be  /dev/urandom,  not
/dev/random.   Also  100  tries  isn't  enough.  Also, you have to detect the
reason for the failure.  Looping is the right thing to do (I  would  probably
go  forever)  if  it  fails  by EEXIST, but for other errors you want to fail
right away, no retries.  (The usual case is failure because of  permissions.)

To  me, the only question is if you should have mkstemp return both an in and
out stream.