>Well, some of the security hole patching involved using "mkstemp()" (so
>that the creation and opening of the temporary file are done in one
>operation), and using the resulting file descriptor directly
>rather than
>reopening the file by name, and, alas, there's no "fdopen()" in the
>Windows C libraries (I'm not sure *why*, given that Win32 has a notion
>of "handle" for I/O that - at least on NT - looks *very* suspiciously
>similar to the UNIX notion of a file descriptor; perhaps it can't work
>on Windows 9x, or something), at least with the old Visual C++
>4.0 I had on my NT partition (maybe the VC++ 6.0 does better), so that
>stuff might have to be tweaked.
How about this function:
FILE *tmpfile( void );
Which appears to do it in one operation? This is an ANSI C function so you
might be able to use in non-Windows builds too. The files it creates are
supposed to be deleted automatically on program exit. Microsoft also
supplies a non-standard function _rmtmp() that lets you manually kill the
temp files at a time of your choosing.
It doesn't give you control over the name like mkstemp, would that be an
issue?
=====================================
Tim Farley
Software Engineer
tfarley@xxxxxxx
Internet Security Systems, Inc.
(678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6479
http://www.iss.net
Adaptive Network Security for the Enterprise
=====================================
