[Interest] Strange undeletable QTemporaryFile. Is it a bug?

Guido Seifert wargand at gmx.de
Sat Aug 24 09:49:03 CEST 2013


 
> Now, here's another problem: on Unix, referring to the temporary file by 
> anything besides its file descriptor means you're not in control. If the file is 
> on a world-writable non-sticky directory, it's also a security risk: an 
> attacker could delete the temporary file and replace it with a symlink to a file 
> you own.

This is of course a striking argument. Security beats everything. And of course I don't want any changes, which breaks x code bases now. However, just for the argument, what I would have done:

1. isOpen, open, close made protected. Those methods just don't do what you expect. Making them protected is a good way to draw attention to the fact, that there might be some reading necessary. isOpen might even be private. I don't see how this method could be useful at all.

2. added a function 'reset', which does what close is doing now. You said yourself: close does not close anything. Calling this function close then just feels wrong to me.

Guido



More information about the Interest mailing list