[Interest] Strange undeletable QTemporaryFile. Is it a bug?
Thiago Macieira
thiago.macieira at intel.com
Sat Aug 24 02:00:37 CEST 2013
On sexta-feira, 23 de agosto de 2013 15:15:57, Alex Malyushytskyy wrote:
> QTemporaryFile attached to file which is not anymore
> under control.
> This would be even more confusing and made documented features wrong:
> "the file will subsequently be removed upon destruction of the
> QTemporaryFile object."
>
> "Detaching" could be made in close(), but in this case you leave useless
> now QTemporaryFile alive.
> I think current implementation is less alone prone.
> What can be done - I would override close just to make it private, so
> people do not call it.
The only way to make it work would be for close() to unset the fileName()
again. When open() is called again, it creates a new file name based on the
template.
Which is exactly what you don't want.
Now, here's another problem: on Unix, referring to the temporary file by
anything besides its file descriptor means you're not in control. If the file is
on a world-writable non-sticky directory, it's also a security risk: an
attacker could delete the temporary file and replace it with a symlink to a file
you own.
(which is why no one uses world-writable non-sticky dirs; /tmp is sticky)
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20130823/ea1a5be2/attachment.sig>
More information about the Interest
mailing list