in reply to Re^2: Unique filehandle -- what is correct?
in thread Unique filehandle -- what is correct?

Yeah. And the PID can easily be guessed or searched for by an attacker. Using the PID as a template for temporary file names is a classic way to open a program up to security exploits.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
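The point Alexander makes above, as an added example that is not part of the thread: a temp file named after the PID beside two ways of creating one that cannot be hijacked. The program name `myapp`, the `victim.txt` file and the directory argument are hypothetical, and the "attack" is staged in a private directory created with File::Temp so nothing in the real /tmp is touched.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: PID-named temp file vs. O_EXCL / File::Temp.
use strict;
use warnings;
use Errno qw(EEXIST);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Vulnerable: the name depends only on the PID, which anyone can read via
# ps(1) or /proc, or pre-plant for a whole range of likely PIDs.  Opening
# with '>' follows a symlink that is already sitting at that name, then
# truncates and writes to whatever it points at.
sub vulnerable_tmpfile {
    my $dir  = shift;
    my $path = "$dir/myapp.$$";                   # predictable name
    open(my $fh, '>', $path) or die "open $path: $!";
    return ($fh, $path);
}

# Hardened by hand: random suffix plus O_CREAT|O_EXCL, which fails with
# EEXIST if anything (file or symlink) already sits at that name, so a
# planted link is never followed.  rand() is not cryptographically strong;
# O_EXCL is the real protection, the random suffix only makes collisions rare.
sub exclusive_tmpfile {
    my $dir   = shift;
    my @alpha = ('a'..'z', 'A'..'Z', 0..9);
    for my $attempt (1 .. 10) {
        my $path = "$dir/myapp." . join '', map { $alpha[rand @alpha] } 1 .. 16;
        if (sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
            return ($fh, $path);
        }
        die "sysopen $path: $!" unless $! == EEXIST;   # anything but a collision is fatal
    }
    die "no unique name after 10 attempts in $dir";
}

# Hardened the idiomatic way: File::Temp does the O_EXCL open, the 0600
# mode and the retry loop for you; UNLINK => 1 removes the file at exit.
sub safe_tmpfile {
    my $dir = shift;
    return tempfile("myapp.XXXXXXXX", DIR => $dir, UNLINK => 1);
}

# Demo in a private directory (constructed here) so the real /tmp is untouched.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";
open(my $v, '>', $victim) or die "open $victim: $!";
print $v "important data\n";
close $v;

# Attacker step: plant a symlink at the name the victim program will use.
symlink($victim, "$dir/myapp.$$") or die "symlink: $!";

my ($bad_fh, $bad_path) = vulnerable_tmpfile($dir);
print $bad_fh "attacker-chosen content\n";
close $bad_fh;
printf "vulnerable: wrote through %s, victim.txt is now %d bytes\n", $bad_path, -s $victim;

# Same planted name, but opened with O_EXCL: refused, victim untouched.
my $refused = !sysopen(my $x, "$dir/myapp.$$", O_WRONLY | O_CREAT | O_EXCL, 0600)
              && $! == EEXIST;
printf "O_EXCL on planted name: %s\n",
    $refused ? "refused (EEXIST)" : "UNEXPECTEDLY OPENED";

my ($ok_fh, $ok_path) = exclusive_tmpfile($dir);
print $ok_fh "safe\n";
close $ok_fh;
print "exclusive_tmpfile: $ok_path\n";

my ($ft_fh, $ft_path) = safe_tmpfile($dir);
print $ft_fh "safe\n";
close $ft_fh;
print "File::Temp: $ft_path\n";
```

Run it as an ordinary user and the first line shows victim.txt overwritten through the planted link, while the O_EXCL open on the same name fails with EEXIST. Two caveats a practitioner should keep in mind: the Linux `fs.protected_symlinks` sysctl only stops symlink following in sticky world-writable directories when the link owner differs from the follower, so it does not help in a non-sticky directory or when the attacker is the same user; and File::Temp is still the right tool even for the hand-rolled variant, since it also handles the name-reuse and cleanup details this example skips.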

Re^4: Unique filehandle -- what is correct?
by JavaFan (Canon) on Dec 12, 2011 at 12:11 UTC
    Where does "attacker" come into it? That's not mentioned at all by the OP. Of course, if you have an attacker on your webserver that's able to write files, you're likely to be in deep shit anyway.

    But feel free to add as many random numbers as you want to your pid so you no longer have to bother about this attacker that has gained access to your system.

    Now excuse me, I have to hide that box of chocolates under my car seat, lest someone breaking into my car gets easy access to my stash.