Re^2: temp filehandle to filename

That works, thank you, tilly.
It's moot now, but I'm still puzzled by the warning in the File::Temp doc:

"For maximum security, endeavour always to avoid ever looking at, touching, or even imputing the existence of the filename. ...
"If you need to pass the handle to something that expects a filename then use ... "+<=&" . fileno($fh) for Perl programs."

Must depend on the internals of sendfile as you say.

Comment on Re^2: temp filehandle to filename

Replies are listed 'Best First'.
Re^3: temp filehandle to filename by ikegami (Patriarch) on Mar 31, 2009 at 17:12 UTC
You're not passing it a Perl program, where there is a good chance of it getting passed to 2-arg `open`. You're passing it to `sendfile` which will definitely not call Perl's 2-arg `open`.	[reply] [d/l] [select]
Re^3: temp filehandle to filename by tilly (Archbishop) on Mar 31, 2009 at 18:40 UTC
The meaning of the security warning is that if you insist on having a filename, then there will be a file in the filesystem that other processes can find and look at. If you do not insist on having a filename then in many operating systems File::Temp will create and immediately unlink the temporary file. That gives you a file on disk which no other process can find, let alone read. The advice on passing data to Perl programs is bad. It will work if people use a 2 argument open. But not if they use a 3 argument open. But as Two-arg open() considered dangerous points out, you really should use the 3 argument version, which will break that meme. Someone should submit a patch to improve the documentation. (If I remember, I'll do it from home tonight.) Update: I remembered to send it in this morning.	[reply]