
Jonathan Wakely wrote:
No, using mkstemp this way is no different than using tmpnam. Even if the file is already open, there is no reason for it to still be linked in the directory. So you may end up with a different file, and chaos ensues.
Isn't that a bit too general?
I think it is.
If the file is in a directory that is only writeable to you then only the superuser can unlink it, and if you don't trust root you've got far bigger problems than this.
Right.
If you can ensure the files are created in a directory that is not group- or world-writeable, or in a directory that has the sticky bit set, then isn't it (relatively) safe to use:
    char filename[] = "DIR/tmp.XXXXXX";
    const int fd = mkstemp(filename);
    if (fd == -1) throw ...;
    std::fstream f(filename);

?
It's certainly better than predictable names in predictable directories, right?
Actually, on Unix it is safe to just use

    char filename[] = "/tmp/tmp.XXXXXX";
    const int fd = mkstemp(filename);

because if /tmp does not exist, or does not have sticky bit, the system is in trouble already. And I'm not sure it's even possible to have "/" not owned by root.

- Volodya