KTemporaryFile::createLocalFile()
Thiago Macieira
thiago at kde.org
Thu Jul 5 14:47:06 BST 2007
Hans Meine wrote:
>On Thursday, 5 July 2007 12:06:50, Thiago Macieira wrote:
>> I explained to someone this exact same problem last week on IRC. And
>> we were talking about Kate and its diff'ing programs. I don't remember
>> if it was to Dominik I was talking to, but we ended up agreeing that
>> setAutoDelete(false) would suffice.
>
>That's sad - there are indeed quite some use cases where one just wants
> to have a local temp. filename for passing that to external programs.
> In theory, it would of course be best to "just pipe" the diff output
> through to kompare.

We discussed that on IRC.

If you pass a filename, it's open to symlink attacks and being
replaced/deleted. As long as you're passing the temp filename for just
reading, it's ok -- the worst that could happen is that some garbage is
shown.

However, if the objective is writing to the file, then you should not pass
a filename. You should either use a pipe (which K/QProcess support) or
directly pass the opened file as a file descriptor (which can't be done
portably and K/QProcess don't support).

Besides, if in this case the target program can read from stdin, why not
pipe directly from diff to kompare? K/QProcess support that.

>> Again: I object to the patch.
>
>..in favor of setAutoDelete(false)? AFAICS, that leads to more code,
>conceptually doing the same. But that's just MHO.

In favour of security.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
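
Added example, not part of the original message and not KDE code: on a POSIX system, the file-descriptor approach mentioned above works by creating the temp file, unlinking its name, and letting the external program inherit the open descriptor as its stdout, so there is no path left to symlink or replace. The `/tmp` template, the function name `runWithAnonymousTemp` and the use of `/bin/sh` as the external program are assumptions for illustration.

```cpp
// Added example (POSIX only): an external program writes into a temporary
// file without ever being given a filename.
#include <cstdlib>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

// Runs `sh -c command` with its stdout bound to an unnamed temp file and
// returns what the child wrote. Returns "" on any failure.
std::string runWithAnonymousTemp(const char *command)
{
    char path[] = "/tmp/fdpass-XXXXXX";   // constructed template (assumption)
    int fd = mkstemp(path);               // created with O_EXCL, mode 0600
    if (fd < 0)
        return "";
    unlink(path);                         // name is gone: nothing to symlink or replace

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return "";
    }
    if (pid == 0) {                       // child: the "external program"
        dup2(fd, STDOUT_FILENO);          // it inherits the open file, not a path
        close(fd);
        execl("/bin/sh", "sh", "-c", command, (char *)nullptr);
        _exit(127);                       // exec failed
    }

    int status = 0;
    std::string out;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        lseek(fd, 0, SEEK_SET);           // offset is shared with the child, so rewind
        char buf[4096];
        ssize_t n;
        while ((n = read(fd, buf, sizeof buf)) > 0)
            out.append(buf, static_cast<size_t>(n));
    }
    close(fd);                            // last reference: storage is released
    return out;
}

int main()
{
    std::string text = runWithAnonymousTemp("printf 'line from child\\n'");
    return text == "line from child\n" ? 0 : 1;
}
```
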