-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Ben Pfaff on 7/25/2006 11:21 AM: > Paul Eggert <[EMAIL PROTECTED]> writes: > >> With Bison I wanted fopen_safer but not tmpfile_safer (I think tmpfile >> is not that safe due to signals and whatnot), so I split the fopen-safer >> module into two, as follows: > > Can you expand on why tmpfile is not so safe?
I'd still like to fear Paul's reasons. But one of mine is that tmpfile is allowed to leave a permanent file behind if the call to tmpfile() is interrupted, or if the process _exit()s. Yet there is no way to know what that file is. At least with mkstemp, you choose the file prefix. Even though there is a race between the time that you mkstemp() and unlink(), such that the same problem exists of leaving a permanent file behind if interrupted at the wrong time, at least you can document to the user where to look for bogus files. Another reason is that POSIX allows implementations to limit you to TMP_MAX tmpfiles, which may be smaller than the number of open fd's allowed. (Hmm - sounds like an aardvark is in order, since POSIX still calls out TMP_MAX in the normative text to tmpnam, but deleted it from limits.h). - -- Life is short - so eat dessert first! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFExr3V84KuGfSFAYARAiGtAJ436Q7fwr4KZnhLPcXNTjxU6jaPdACeNDR9 y9o+G31/rrjQGu2sU3GcQq4= =IsUK -----END PGP SIGNATURE-----
