On Mar 13, 2009, at 2:31 PM, Martin v. Löwis wrote: >> Think about the security implications of a file name that is in >> advance known to an attacker as well as the fact that the said file >> will replace an *important* system file. > > You should always use O_EXCL in that case. Relying on random name will > be a severe security threat to the application. If you read an implementation of mkstemp() function, you'll see that it does exactly that: if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) return(1); if (errno != EEXIST) return(0); That's why I mentioned mkstemp() in the OP. Zvezdan
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4