This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
Re: unique filename
- To: lhall at rfk dot com
- Subject: Re: unique filename
- From: "Ehud Karni" <ehud at unix dot simonwiesel dot co dot il>
- Date: Wed, 24 Jan 2001 20:04:24 +0200
- CC: klaus dot berndl at sdm dot de, cygwin at sourceware dot cygnus dot com
- Organization: Simon & Wiesel Insurance agency
- References: <4.3.1.2.20010124105227.022430b8@pop.ma.ultranet.com>
- Reply-to: ehud at unix dot simonwiesel dot co dot il
On Wed, 24 Jan 2001 10:57:12 -0500, Larry Hall (RFK Partners, Inc) <lhall@rfk.com> wrote:
>
> At 10:18 AM 1/24/2001, klaus.berndl@sdm.de wrote:
> >What is the normal way with Unix-systems to create a unique
> >filename?
>
> Programmatically or from the shell prompt? mktemp, which was just
> announced on this list, from Chuck Wilson's "misc" package should
> do this for you at the shell prompt. mktemp() does this
> programmatically. BTW, this isn't really a Cygwin question so you
> might want to follow-up on some mail list discussing C library calls
> if you have further issues.
Although this is off-topic I want to add some points:
1. If you need some files (more than 1) it is better to use mktemp
once and create a unique directory and save all your files there.
2. The unique part has no meaning, so if you want to create files
that are saved (or examined in case of error) make the fixed
part meaningful - name of program/script+date/time+any other
significant information (such as hostname, ip or user name).
DO NOT rely on the system for user/date information, once you
edit the file it will have your name and update time.
3. There may be problems if many hosts write to the same FS, my
solution is actually creating the file with exclusive bit on,
i.e. open ( <name>, O_RDWR | O_CREAT | O_EXCL, <mask> ) ;
if it fails get another unique name and try again (this is done
automaticly by `mkstemp ()' but you can specify the mask).
4. If you are not worried about security or DOS, you can use the
hostname-time-PID combination quite safely.
5. You can use a server to create unique names (I have such a server
that works across the net and supplies each request with a
unique 5 characters tag).
Finally here is a quotation from Linux mktemp:
Traditionally, many shell scripts take the name of the program with
the PID as a suffix and use that as a temporary file name. This
kind of naming scheme is predictable and the race condition it
creates is easy for an attacker to win. A safer, though still
inferior approach is to make a temporary directory using the same
naming scheme. While this does allow one to guarantee that a
temporary file will not be subverted, it still allows a simple
denial of service attack.
Ehud.
--
@@@@@@ @@@ @@@@@@ @ @ Ehud Karni Simon & Wiesel Insurance agency
@ @ @ @@ @ Tel: +972-3-6212-757 Fax: +972-3-6292-544
@ @ @ @ @ @@ (USA) Fax and voice mail: 1-815-5509341
@ @ @ @ @ @ Better Safe Than Sorry
http://www.simonwiesel.co.il mailto:ehud@unix.simonwiesel.co.il
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple