[Interest] Strange undeletable QTemporaryFile. Is it a bug?

Thiago Macieira thiago.macieira at intel.com
Sat Aug 24 02:00:37 CEST 2013


On sexta-feira, 23 de agosto de 2013 15:15:57, Alex Malyushytskyy wrote:
> QTemporaryFile  attached to file which is not anymore
> under control.
> This would be even more confusing and made documented features wrong:
> "the file will subsequently be removed upon destruction of the
> QTemporaryFile object."
> 
> "Detaching" could be made in close(), but in this case you leave useless
> now QTemporaryFile alive.
> I think current implementation is less alone prone.
> What can be done - I would override close just to make it private, so
> people do not call it.

The only way to make it work would be for close() to unset the fileName() 
again. When open() is called again, it creates a new file name based on the 
template.

Which is exactly what you don't want.

Now, here's another problem: on Unix, referring to the temporary file by 
anything besides its file descriptor means you're not in control. If the file is 
on a world-writable non-sticky directory, it's also a security risk: an 
attacker could delete the temporary file and replace it with a symlink to a file 
you own.

(which is why no one uses world-writable non-sticky dirs; /tmp is sticky)
-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20130823/ea1a5be2/attachment.sig>


More information about the Interest mailing list