Yes, that is correct. If the file was made in a directory which is world writeable (like most temp directories) and does not have the sticky bit set (unlike most temp directories), then someone can come along and delete the file and make a new one in its place with the same name.

While we're on the subject, one practice which I consider good form in general (but which may not work for you, since you want the file available via www) is to create a ~/tmp with 700 permissions and create all temp files in there. This prevents all of the /tmp race condition security bugs that have cropped up in the past and will surely crop up in the future (it still does not prevent a race condition: two copies of your program could both generate the same filename before either of them opened it, but it prevents someone from symlinking the file to /etc/passwd or creating and opening it first).

Anyways, back to your problem: since you are publishing the files via www, I assume that they are being put in a directory which is writeable only by you. If this is the case then you do not need to worry about anyone deleting the file. People will probably be able to read the file, but I don't think that is a big problem since you're making it available via the www and someone could just fetch it via the www rather than the local filesystem if they could predict the filename, though a brute force guess would be much slower via www.

In reply to Re: Re: Re: Avoiding race conditions by nardo
in thread Avoiding race conditions by swiftone
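
The private ~/tmp practice from the post above, combined with an exclusive create that closes the remaining same-filename race it mentions. This is an added example, not code from the thread; the names `private_tmpdir` and `create_exclusive` and the `report` prefix are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Return a directory only we can use, creating it if needed.
# Defaults to ~/tmp with mode 700, as suggested in the post.
sub private_tmpdir {
    my ($dir) = @_;
    $dir //= "$ENV{HOME}/tmp";
    if (!mkdir($dir, 0700)) {
        die "mkdir $dir: $!\n" unless $!{EEXIST};
    }
    # lstat, not stat: refuse a symlink sitting where the directory should be.
    my @st = lstat($dir) or die "lstat $dir: $!\n";
    die "$dir is not a directory\n" unless -d _;
    die "$dir is not owned by us\n" unless $st[4] == $>;
    # mkdir's mode is filtered by umask, and an existing dir may be looser.
    if (($st[2] & 07777) != 0700) {
        chmod(0700, $dir) or die "chmod $dir: $!\n";
    }
    return $dir;
}

# Create a new file in $dir. O_EXCL makes the open fail if the name already
# exists, so two copies that pick the same name cannot both get the file.
sub create_exclusive {
    my ($dir, $prefix) = @_;
    for my $attempt (1 .. 10) {
        # The random part only reduces collisions; the protection comes
        # from the directory permissions and O_EXCL, not from secrecy.
        my $path = sprintf("%s/%s.%d.%06d", $dir, $prefix, $$, int(rand(1_000_000)));
        if (sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
            return ($fh, $path);
        }
        die "sysopen $path: $!\n" unless $!{EEXIST};
    }
    die "could not create a unique file in $dir\n";
}

my $dir = private_tmpdir();
my ($fh, $path) = create_exclusive($dir, "report");
print {$fh} "constructed sample content\n";
close($fh) or die "close $path: $!\n";
print "wrote $path\n";
unlink($path) or die "unlink $path: $!\n";
```

The core File::Temp module performs the same exclusive-create-with-retry internally and can be pointed at the private directory through its `DIR` option.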
