On Sunday, 18 January 2015 at 16:00:32 UTC, Kagamin wrote:
On Sunday, 18 January 2015 at 11:21:52 UTC, Marc Schütz wrote:
It's not different, and if you're still doing the O_EXCL open
afterwards, it's safe. I just assumed you were going to use
the generated filename without a further check. This is then
unsafe, no matter how the UUID is generated, and depending on
the RNG that's been used, they can be quite predictable.
Granted, the risk is low, but still...
tmpfile is more predictable: it generates sequential file names.
Being predictable is only an issue if the file is wrongly used
(ie: no check that it might already exist, or be a symlink or
check at the wrong time leaving an exploitable time frame etc).
Sequential file names are a good way to provide uniqueness over a
single system after all.
