Re: [bug-gnulib] split stdio-safer into fopen-safer, tmpfile-safer

[Bruno Haible]

Eric Blake wrote:
> tmpfile is
> allowed to leave a permanent file behind if the call to tmpfile() is
> interrupted, or if the process _exit()s. Yet there is no way to know what 
> that file is.

Yup. When you look at clean-temp.c you see the various steps that are
needed to avoid leaving a file behind:

  1. path_search: create a template for the creation of the temp. file.
  2. block fatal signals.
  3. create the file (mkstemp) or directory (mkdtemp).
  4. register it for automatic deletion upon program exit.
  5. unblock fatal signals.

(If you require portability - no "unlink before close" -, 'tmpfile' cannot
be used in this context, as it does not allow to retrieve the filename.
But 'mkstemp' can.)

> there is a race between the time that you mkstemp() and unlink(),
> such that the same problem exists of leaving a permanent file behind if
> interrupted at the wrong time

You can hide this race by blocking fatal signals before the mkstemp
call, i.e. swap steps 1 and 2 in the list above.

Bruno