[MINC-development] patches for tmpnam

Steve ROBBINS minc-development@bic.mni.mcgill.ca
Mon, 10 Mar 2003 11:29:42 -0500


On Mon, Mar 10, 2003 at 10:34:19AM -0500, Robert VINCENT wrote:
> Steve,
> 
> I thought that having the function create the file avoids the worst
> aspects of the race condition, since the file is known to have been
> created successfully with relatively secure permissions and ownership.

No, that buys you nothing.  Once you close the file, all bets are 
off.


> Closing the file should be immaterial, since the file is known to exist
> with owner read/write permissions only.

More precisely, the file did exist at one time with owner read/write
permissions.  Once you close it, the file is gone.  Anything can happen
during the interval that you close and re-open the file.


> If you prefer that I allocate memory in the function, I'm OK with that, I
> just have a preference for functions that force the caller to allocate
> the memory (I get fewer memory leaks that way).

I understand your point and favour it when applicable.
The trouble in this case is that you also force the caller to guess
how much memory to allocate.

In addition, it's nicer on client programmers when a library uses
a consistent policy with regard to this issue.  Volume_io already
has get_temporary_filename() which returns allocated memory so why
not just promote this function's semantics into MINC proper?

-S
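
The two points in this message (keep the descriptor open rather than re-opening by name, and let the library allocate the filename), shown as an added C example that is not part of the original message and is not MINC or Volume_io code. `create_temp_file` and `path_still_matches_fd` are hypothetical names; the `minc-` prefix and the `TMPDIR`/`/tmp` fallback are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the MINC/Volume_io API): creates a temporary
 * file and returns its name in malloc'd memory, so the caller never has
 * to guess a buffer size. The descriptor is handed back open in *fd_out;
 * the caller keeps using it instead of closing and re-opening by name. */
char *create_temp_file(int *fd_out)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";                        /* assumed fallback */
    size_t len = strlen(dir) + sizeof("/minc-XXXXXX");
    char *path = malloc(len);
    if (path == NULL)
        return NULL;
    snprintf(path, len, "%s/minc-XXXXXX", dir);
    int fd = mkstemp(path);   /* exclusive create, owner read/write only */
    if (fd < 0) {
        free(path);
        return NULL;
    }
    *fd_out = fd;
    return path;                             /* caller frees */
}

/* Returns 1 if `path` still names the regular file behind `fd`, 0 if the
 * name now refers to something else (replaced, removed, or a symlink),
 * and -1 if `fd` itself cannot be examined. */
int path_still_matches_fd(int fd, const char *path)
{
    struct stat by_fd, by_name;
    if (fstat(fd, &by_fd) != 0)
        return -1;
    if (lstat(path, &by_name) != 0)
        return 0;
    return S_ISREG(by_name.st_mode) &&
           by_fd.st_dev == by_name.st_dev &&
           by_fd.st_ino == by_name.st_ino;
}
```

Reads and writes through the returned descriptor always reach the file that was created; the name is only reliable for as long as `path_still_matches_fd` would return 1, which nothing guarantees once other processes can write to the directory.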