diff options
Diffstat (limited to 'lib/Temp/File-Temp-0.12/blib')
4 files changed, 681 insertions, 0 deletions
diff --git a/lib/Temp/File-Temp-0.12/blib/arch/auto/File/Temp/.exists b/lib/Temp/File-Temp-0.12/blib/arch/auto/File/Temp/.exists new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/lib/Temp/File-Temp-0.12/blib/arch/auto/File/Temp/.exists diff --git a/lib/Temp/File-Temp-0.12/blib/lib/auto/File/Temp/.exists b/lib/Temp/File-Temp-0.12/blib/lib/auto/File/Temp/.exists new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/lib/Temp/File-Temp-0.12/blib/lib/auto/File/Temp/.exists diff --git a/lib/Temp/File-Temp-0.12/blib/man3/.exists b/lib/Temp/File-Temp-0.12/blib/man3/.exists new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/lib/Temp/File-Temp-0.12/blib/man3/.exists diff --git a/lib/Temp/File-Temp-0.12/blib/man3/File::Temp.3pm b/lib/Temp/File-Temp-0.12/blib/man3/File::Temp.3pm new file mode 100644 index 0000000..1b7e1f4 --- /dev/null +++ b/lib/Temp/File-Temp-0.12/blib/man3/File::Temp.3pm @@ -0,0 +1,681 @@ +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "Temp 3" +.TH Temp 3 "2001-02-23" "perl v5.8.5" "User Contributed Perl Documentation" +.SH "NAME" +File::Temp \- return name and handle of a temporary file safely +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& use File::Temp qw/ tempfile tempdir /; +.Ve +.PP +.Vb 2 +\& $dir = tempdir( CLEANUP => 1 ); +\& ($fh, $filename) = tempfile( DIR => $dir ); +.Ve +.PP +.Vb 2 +\& ($fh, $filename) = tempfile( $template, DIR => $dir); +\& ($fh, $filename) = tempfile( $template, SUFFIX => '.dat'); +.Ve +.PP +.Vb 1 +\& $fh = tempfile(); +.Ve +.PP +MkTemp family: +.PP +.Vb 1 +\& use File::Temp qw/ :mktemp /; +.Ve +.PP +.Vb 2 +\& ($fh, $file) = mkstemp( "tmpfileXXXXX" ); +\& ($fh, $file) = mkstemps( "tmpfileXXXXXX", $suffix); +.Ve +.PP +.Vb 1 +\& $tmpdir = mkdtemp( $template ); +.Ve +.PP +.Vb 1 +\& $unopened_file = mktemp( $template ); +.Ve +.PP +\&\s-1POSIX\s0 functions: +.PP +.Vb 1 +\& use File::Temp qw/ :POSIX /; +.Ve +.PP +.Vb 2 +\& $file = tmpnam(); +\& $fh = tmpfile(); +.Ve +.PP +.Vb 2 +\& ($fh, $file) = tmpnam(); +\& ($fh, $file) = tmpfile(); +.Ve +.PP +Compatibility functions: +.PP +.Vb 1 +\& $unopened_file = File::Temp::tempnam( $dir, $pfx ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\f(CW\*(C`File::Temp\*(C'\fR can be used to create and open temporary files in a safe way. +The \fItempfile()\fR function can be used to return the name and the open +filehandle of a temporary file. The \fItempdir()\fR function can +be used to create a temporary directory. +.PP +The security aspect of temporary file creation is emphasized such that +a filehandle and filename are returned together. This helps guarantee +that a race condition can not occur where the temporary file is +created by another process between checking for the existence of the +file and its opening. Additional security levels are provided to +check, for example, that the sticky bit is set on world writable +directories. See \*(L"safe_level\*(R" for more information. +.PP +For compatibility with popular C library functions, Perl implementations of +the \fImkstemp()\fR family of functions are provided. These are, \fImkstemp()\fR, +\&\fImkstemps()\fR, \fImkdtemp()\fR and \fImktemp()\fR. +.PP +Additionally, implementations of the standard \s-1POSIX\s0 +\&\fItmpnam()\fR and \fItmpfile()\fR functions are provided if required. +.PP +Implementations of \fImktemp()\fR, \fItmpnam()\fR, and \fItempnam()\fR are provided, +but should be used with caution since they return only a filename +that was valid when function was called, so cannot guarantee +that the file will not exist by the time the caller opens the filename. +.SH "FUNCTIONS" +.IX Header "FUNCTIONS" +This section describes the recommended interface for generating +temporary files and directories. +.IP "\fBtempfile\fR" 4 +.IX Item "tempfile" +This is the basic function to generate temporary files. +The behaviour of the file can be changed using various options: +.Sp +.Vb 1 +\& ($fh, $filename) = tempfile(); +.Ve +.Sp +Create a temporary file in the directory specified for temporary +files, as specified by the \fItmpdir()\fR function in File::Spec. +.Sp +.Vb 1 +\& ($fh, $filename) = tempfile($template); +.Ve +.Sp +Create a temporary file in the current directory using the supplied +template. Trailing `X' characters are replaced with random letters to +generate the filename. At least four `X' characters must be present +in the template. +.Sp +.Vb 1 +\& ($fh, $filename) = tempfile($template, SUFFIX => $suffix) +.Ve +.Sp +Same as previously, except that a suffix is added to the template +after the `X' translation. Useful for ensuring that a temporary +filename has a particular extension when needed by other applications. +But see the \s-1WARNING\s0 at the end. +.Sp +.Vb 1 +\& ($fh, $filename) = tempfile($template, DIR => $dir); +.Ve +.Sp +Translates the template as before except that a directory name +is specified. +.Sp +.Vb 1 +\& ($fh, $filename) = tempfile($template, UNLINK => 1); +.Ve +.Sp +Return the filename and filehandle as before except that the file is +automatically removed when the program exits. Default is for the file +to be removed if a file handle is requested and to be kept if the +filename is requested. In a scalar context (where no filename is +returned) the file is always deleted either on exit or when it is closed. +.Sp +If the template is not specified, a template is always +automatically generated. This temporary file is placed in \fItmpdir()\fR +(File::Spec) unless a directory is specified explicitly with the +\&\s-1DIR\s0 option. +.Sp +.Vb 1 +\& $fh = tempfile( $template, DIR => $dir ); +.Ve +.Sp +If called in scalar context, only the filehandle is returned +and the file will automatically be deleted when closed (see +the description of \fItmpfile()\fR elsewhere in this document). +This is the preferred mode of operation, as if you only +have a filehandle, you can never create a race condition +by fumbling with the filename. On systems that can not unlink +an open file or can not mark a file as temporary when it is opened +(for example, Windows \s-1NT\s0 uses the \f(CW\*(C`O_TEMPORARY\*(C'\fR flag)) +the file is marked for deletion when the program ends (equivalent +to setting \s-1UNLINK\s0 to 1). The \f(CW\*(C`UNLINK\*(C'\fR flag is ignored if present. +.Sp +.Vb 1 +\& (undef, $filename) = tempfile($template, OPEN => 0); +.Ve +.Sp +This will return the filename based on the template but +will not open this file. Cannot be used in conjunction with +\&\s-1UNLINK\s0 set to true. Default is to always open the file +to protect from possible race conditions. A warning is issued +if warnings are turned on. Consider using the \fItmpnam()\fR +and \fImktemp()\fR functions described elsewhere in this document +if opening the file is not required. +.Sp +Options can be combined as required. +.IP "\fBtempdir\fR" 4 +.IX Item "tempdir" +This is the recommended interface for creation of temporary directories. +The behaviour of the function depends on the arguments: +.Sp +.Vb 1 +\& $tempdir = tempdir(); +.Ve +.Sp +Create a directory in \fItmpdir()\fR (see File::Spec). +.Sp +.Vb 1 +\& $tempdir = tempdir( $template ); +.Ve +.Sp +Create a directory from the supplied template. This template is +similar to that described for \fItempfile()\fR. `X' characters at the end +of the template are replaced with random letters to construct the +directory name. At least four `X' characters must be in the template. +.Sp +.Vb 1 +\& $tempdir = tempdir ( DIR => $dir ); +.Ve +.Sp +Specifies the directory to use for the temporary directory. +The temporary directory name is derived from an internal template. +.Sp +.Vb 1 +\& $tempdir = tempdir ( $template, DIR => $dir ); +.Ve +.Sp +Prepend the supplied directory name to the template. The template +should not include parent directory specifications itself. Any parent +directory specifications are removed from the template before +prepending the supplied directory. +.Sp +.Vb 1 +\& $tempdir = tempdir ( $template, TMPDIR => 1 ); +.Ve +.Sp +Using the supplied template, creat the temporary directory in +a standard location for temporary files. Equivalent to doing +.Sp +.Vb 1 +\& $tempdir = tempdir ( $template, DIR => File::Spec->tmpdir); +.Ve +.Sp +but shorter. Parent directory specifications are stripped from the +template itself. The \f(CW\*(C`TMPDIR\*(C'\fR option is ignored if \f(CW\*(C`DIR\*(C'\fR is set +explicitly. Additionally, \f(CW\*(C`TMPDIR\*(C'\fR is implied if neither a template +nor a directory are supplied. +.Sp +.Vb 1 +\& $tempdir = tempdir( $template, CLEANUP => 1); +.Ve +.Sp +Create a temporary directory using the supplied template, but +attempt to remove it (and all files inside it) when the program +exits. Note that an attempt will be made to remove all files from +the directory even if they were not created by this module (otherwise +why ask to clean it up?). The directory removal is made with +the \fIrmtree()\fR function from the File::Path module. +Of course, if the template is not specified, the temporary directory +will be created in \fItmpdir()\fR and will also be removed at program exit. +.SH "MKTEMP FUNCTIONS" +.IX Header "MKTEMP FUNCTIONS" +The following functions are Perl implementations of the +\&\fImktemp()\fR family of temp file generation system calls. +.IP "\fBmkstemp\fR" 4 +.IX Item "mkstemp" +Given a template, returns a filehandle to the temporary file and the name +of the file. +.Sp +.Vb 1 +\& ($fh, $name) = mkstemp( $template ); +.Ve +.Sp +In scalar context, just the filehandle is returned. +.Sp +The template may be any filename with some number of X's appended +to it, for example \fI/tmp/temp.XXXX\fR. The trailing X's are replaced +with unique alphanumeric combinations. +.IP "\fBmkstemps\fR" 4 +.IX Item "mkstemps" +Similar to \fImkstemp()\fR, except that an extra argument can be supplied +with a suffix to be appended to the template. +.Sp +.Vb 1 +\& ($fh, $name) = mkstemps( $template, $suffix ); +.Ve +.Sp +For example a template of \f(CW\*(C`testXXXXXX\*(C'\fR and suffix of \f(CW\*(C`.dat\*(C'\fR +would generate a file similar to \fItesthGji_w.dat\fR. +.Sp +Returns just the filehandle alone when called in scalar context. +.IP "\fBmkdtemp\fR" 4 +.IX Item "mkdtemp" +Create a directory from a template. The template must end in +X's that are replaced by the routine. +.Sp +.Vb 1 +\& $tmpdir_name = mkdtemp($template); +.Ve +.Sp +Returns the name of the temporary directory created. +Returns undef on failure. +.Sp +Directory must be removed by the caller. +.IP "\fBmktemp\fR" 4 +.IX Item "mktemp" +Returns a valid temporary filename but does not guarantee +that the file will not be opened by someone else. +.Sp +.Vb 1 +\& $unopened_file = mktemp($template); +.Ve +.Sp +Template is the same as that required by \fImkstemp()\fR. +.SH "POSIX FUNCTIONS" +.IX Header "POSIX FUNCTIONS" +This section describes the re-implementation of the \fItmpnam()\fR +and \fItmpfile()\fR functions described in \s-1POSIX\s0 +using the \fImkstemp()\fR from this module. +.PP +Unlike the \s-1POSIX\s0 implementations, the directory used +for the temporary file is not specified in a system include +file (\f(CW\*(C`P_tmpdir\*(C'\fR) but simply depends on the choice of \fItmpdir()\fR +returned by File::Spec. On some implementations this +location can be set using the \f(CW\*(C`TMPDIR\*(C'\fR environment variable, which +may not be secure. +If this is a problem, simply use \fImkstemp()\fR and specify a template. +.IP "\fBtmpnam\fR" 4 +.IX Item "tmpnam" +When called in scalar context, returns the full name (including path) +of a temporary file (uses \fImktemp()\fR). The only check is that the file does +not already exist, but there is no guarantee that that condition will +continue to apply. +.Sp +.Vb 1 +\& $file = tmpnam(); +.Ve +.Sp +When called in list context, a filehandle to the open file and +a filename are returned. This is achieved by calling \fImkstemp()\fR +after constructing a suitable template. +.Sp +.Vb 1 +\& ($fh, $file) = tmpnam(); +.Ve +.Sp +If possible, this form should be used to prevent possible +race conditions. +.Sp +See \*(L"tmpdir\*(R" in File::Spec for information on the choice of temporary +directory for a particular operating system. +.IP "\fBtmpfile\fR" 4 +.IX Item "tmpfile" +In scalar context, returns the filehandle of a temporary file. +.Sp +.Vb 1 +\& $fh = tmpfile(); +.Ve +.Sp +The file is removed when the filehandle is closed or when the program +exits. No access to the filename is provided. +.Sp +If the temporary file can not be created undef is returned. +Currently this command will probably not work when the temporary +directory is on an \s-1NFS\s0 file system. +.SH "ADDITIONAL FUNCTIONS" +.IX Header "ADDITIONAL FUNCTIONS" +These functions are provided for backwards compatibility +with common tempfile generation C library functions. +.PP +They are not exported and must be addressed using the full package +name. +.IP "\fBtempnam\fR" 4 +.IX Item "tempnam" +Return the name of a temporary file in the specified directory +using a prefix. The file is guaranteed not to exist at the time +the function was called, but such guarantees are good for one +clock tick only. Always use the proper form of \f(CW\*(C`sysopen\*(C'\fR +with \f(CW\*(C`O_CREAT | O_EXCL\*(C'\fR if you must open such a filename. +.Sp +.Vb 1 +\& $filename = File::Temp::tempnam( $dir, $prefix ); +.Ve +.Sp +Equivalent to running \fImktemp()\fR with \f(CW$dir\fR/$prefixXXXXXXXX +(using unix file convention as an example) +.Sp +Because this function uses \fImktemp()\fR, it can suffer from race conditions. +.SH "UTILITY FUNCTIONS" +.IX Header "UTILITY FUNCTIONS" +Useful functions for dealing with the filehandle and filename. +.IP "\fBunlink0\fR" 4 +.IX Item "unlink0" +Given an open filehandle and the associated filename, make a safe +unlink. This is achieved by first checking that the filename and +filehandle initially point to the same file and that the number of +links to the file is 1 (all fields returned by \fIstat()\fR are compared). +Then the filename is unlinked and the filehandle checked once again to +verify that the number of links on that file is now 0. This is the +closest you can come to making sure that the filename unlinked was the +same as the file whose descriptor you hold. +.Sp +.Vb 1 +\& unlink0($fh, $path) or die "Error unlinking file $path safely"; +.Ve +.Sp +Returns false on error. The filehandle is not closed since on some +occasions this is not required. +.Sp +On some platforms, for example Windows \s-1NT\s0, it is not possible to +unlink an open file (the file must be closed first). On those +platforms, the actual unlinking is deferred until the program ends and +good status is returned. A check is still performed to make sure that +the filehandle and filename are pointing to the same thing (but not at +the time the end block is executed since the deferred removal may not +have access to the filehandle). +.Sp +Additionally, on Windows \s-1NT\s0 not all the fields returned by \fIstat()\fR can +be compared. For example, the \f(CW\*(C`dev\*(C'\fR and \f(CW\*(C`rdev\*(C'\fR fields seem to be +different. Also, it seems that the size of the file returned by \fIstat()\fR +does not always agree, with \f(CW\*(C`stat(FH)\*(C'\fR being more accurate than +\&\f(CW\*(C`stat(filename)\*(C'\fR, presumably because of caching issues even when +using autoflush (this is usually overcome by waiting a while after +writing to the tempfile before attempting to \f(CW\*(C`unlink0\*(C'\fR it). +.Sp +Finally, on \s-1NFS\s0 file systems the link count of the file handle does +not always go to zero immediately after unlinking. Currently, this +command is expected to fail on \s-1NFS\s0 disks. +.SH "PACKAGE VARIABLES" +.IX Header "PACKAGE VARIABLES" +These functions control the global state of the package. +.IP "\fBsafe_level\fR" 4 +.IX Item "safe_level" +Controls the lengths to which the module will go to check the safety of the +temporary file or directory before proceeding. +Options are: +.RS 4 +.IP "\s-1STANDARD\s0" 8 +.IX Item "STANDARD" +Do the basic security measures to ensure the directory exists and +is writable, that the \fIumask()\fR is fixed before opening of the file, +that temporary files are opened only if they do not already exist, and +that possible race conditions are avoided. Finally the unlink0 +function is used to remove files safely. +.IP "\s-1MEDIUM\s0" 8 +.IX Item "MEDIUM" +In addition to the \s-1STANDARD\s0 security, the output directory is checked +to make sure that it is owned either by root or the user running the +program. If the directory is writable by group or by other, it is then +checked to make sure that the sticky bit is set. +.Sp +Will not work on platforms that do not support the \f(CW\*(C`\-k\*(C'\fR test +for sticky bit. +.IP "\s-1HIGH\s0" 8 +.IX Item "HIGH" +In addition to the \s-1MEDIUM\s0 security checks, also check for the +possibility of ``\fIchown()\fR giveaway'' using the \s-1POSIX\s0 +\&\fIsysconf()\fR function. If this is a possibility, each directory in the +path is checked in turn for safeness, recursively walking back to the +root directory. +.Sp +For platforms that do not support the \s-1POSIX\s0 +\&\f(CW\*(C`_PC_CHOWN_RESTRICTED\*(C'\fR symbol (for example, Windows \s-1NT\s0) it is +assumed that ``\fIchown()\fR giveaway'' is possible and the recursive test +is performed. +.RE +.RS 4 +.Sp +The level can be changed as follows: +.Sp +.Vb 1 +\& File::Temp->safe_level( File::Temp::HIGH ); +.Ve +.Sp +The level constants are not exported by the module. +.Sp +Currently, you must be running at least perl v5.6.0 in order to +run with \s-1MEDIUM\s0 or \s-1HIGH\s0 security. This is simply because the +safety tests use functions from Fcntl that are not +available in older versions of perl. The problem is that the version +number for Fcntl is the same in perl 5.6.0 and in 5.005_03 even though +they are different versions. +.Sp +On systems that do not support the \s-1HIGH\s0 or \s-1MEDIUM\s0 safety levels +(for example Win \s-1NT\s0 or \s-1OS/2\s0) any attempt to change the level will +be ignored. The decision to ignore rather than raise an exception +allows portable programs to be written with high security in mind +for the systems that can support this without those programs failing +on systems where the extra tests are irrelevant. +.Sp +If you really need to see whether the change has been accepted +simply examine the return value of \f(CW\*(C`safe_level\*(C'\fR. +.Sp +.Vb 3 +\& $newlevel = File::Temp->safe_level( File::Temp::HIGH ); +\& die "Could not change to high security" +\& if $newlevel != File::Temp::HIGH; +.Ve +.RE +.IP "TopSystemUID" 4 +.IX Item "TopSystemUID" +This is the highest \s-1UID\s0 on the current system that refers to a root +\&\s-1UID\s0. This is used to make sure that the temporary directory is +owned by a system \s-1UID\s0 (\f(CW\*(C`root\*(C'\fR, \f(CW\*(C`bin\*(C'\fR, \f(CW\*(C`sys\*(C'\fR etc) rather than +simply by root. +.Sp +This is required since on many unix systems \f(CW\*(C`/tmp\*(C'\fR is not owned +by root. +.Sp +Default is to assume that any \s-1UID\s0 less than or equal to 10 is a root +\&\s-1UID\s0. +.Sp +.Vb 2 +\& File::Temp->top_system_uid(10); +\& my $topid = File::Temp->top_system_uid; +.Ve +.Sp +This value can be adjusted to reduce security checking if required. +The value is only relevant when \f(CW\*(C`safe_level\*(C'\fR is set to \s-1MEDIUM\s0 or higher. +.SH "WARNING" +.IX Header "WARNING" +For maximum security, endeavour always to avoid ever looking at, +touching, or even imputing the existence of the filename. You do not +know that that filename is connected to the same file as the handle +you have, and attempts to check this can only trigger more race +conditions. It's far more secure to use the filehandle alone and +dispense with the filename altogether. +.PP +If you need to pass the handle to something that expects a filename +then, on a unix system, use \f(CW\*(C`"/dev/fd/" . fileno($fh)\*(C'\fR for arbitrary +programs, or more generally \f(CW\*(C`"+<=&" . fileno($fh)\*(C'\fR for Perl +programs. You will have to clear the close-on-exec bit on that file +descriptor before passing it to another process. +.PP +.Vb 3 +\& use Fcntl qw/F_SETFD F_GETFD/; +\& fcntl($tmpfh, F_SETFD, 0) +\& or die "Can't clear close-on-exec flag on temp fh: $!\en"; +.Ve +.Sh "Temporary files and \s-1NFS\s0" +.IX Subsection "Temporary files and NFS" +Some problems are associated with using temporary files that reside +on \s-1NFS\s0 file systems and it is recommended that a local filesystem +is used whenever possible. Some of the security tests will most probably +fail when the temp file is not local. Additionally, be aware that +the performance of I/O operations over \s-1NFS\s0 will not be as good as for +a local disk. +.SH "HISTORY" +.IX Header "HISTORY" +Originally began life in May 1999 as an \s-1XS\s0 interface to the system +\&\fImkstemp()\fR function. In March 2000, the OpenBSD \fImkstemp()\fR code was +translated to Perl for total control of the code's +security checking, to ensure the presence of the function regardless of +operating system and to help with portability. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\*(L"tmpnam\*(R" in \s-1POSIX\s0, \*(L"tmpfile\*(R" in \s-1POSIX\s0, File::Spec, File::Path +.PP +See IO::File and File::MkTemp for different implementations of +temporary file handling. +.SH "AUTHOR" +.IX Header "AUTHOR" +Tim Jenness <t.jenness@jach.hawaii.edu> +.PP +Copyright (C) 1999\-2001 Tim Jenness and the \s-1UK\s0 Particle Physics and +Astronomy Research Council. All Rights Reserved. This program is free +software; you can redistribute it and/or modify it under the same +terms as Perl itself. +.PP +Original Perl implementation loosely based on the OpenBSD C code for +\&\fImkstemp()\fR. Thanks to Tom Christiansen for suggesting that this module +should be written and providing ideas for code improvements and +security enhancements. |