[mapserver-dev] RFC 66 - Better handling of temporary files

Alan Boudreault aboudreault at mapgears.com
Mon Jan 17 16:16:35 EST 2011 

Devs,

After a some check in the code.. the temporary files are being used by other 
functions that needs a filename and not a file descriptor. ie. GDALCreateCopy, 
msHTTPGetFile etc. I don't consider that using readlink() or reading the file 
/proc/self/fd/ to get the filename is a good option. At this point, I don't 
think that part of the code has been a big issue before and I'm not sure if 
it's worth to modify too many things in argument. 

For your information, mkstemp() do not create a temporary file directly in 
/tmp. A call like "char template[7] = "XXXXXX"; mkstemp(template);" will 
create a file in the current directory. Note that it may uses the system path 
automatically on some systems, but not in my current glibc compilation. We 
have to set a template to "/tmp/XXXXXX" to get the proper behavior. 
GetTempFileName() Windows function act the same way.

That said, I don't really think our msTmpFile() is *less safe* than using 
those functions. tempnam() (linux) and GetTempPath() (Windows) are two 
functions that try to check for a system temp path. it checks for environment 
variable then guess as we would have done, /tmp or C:\\. Note that there is no 
garantee that the path exists neither.

I'd suggest to simply add the TEMPPATH and MS_TEMPPATH option for expert users 
and to use tempnam()/GetTempPath() to get a path from the system otherwise.

Thomas, is there something I misunderstood in my reads? Please correct me if 
so.

regards,
Alan

On January 17, 2011 11:31:55 am Alan Boudreault wrote:
> Well the best thing would have been to use mkstemp() and something similar
> on windows that also returns a file handle. However, Windows doesn't seem
> to have this kind of function. We'll have to use GetTempFileName(), which
> only return a *unique* file name. We have to create the file ourself. This
> is not as safe as mkstemp(). So, something I am thinking about is to
> create a new function that will use mkstemp() on Linux/Mac and
> GetTempFileName() + fopen(..) on Windows. I'm afraid I don't have any
> Windows dev environment to test it. Could anyone help me on this when I
> finish the Linux part?
> 
> 
> regards,
> Alan
> 
> On January 17, 2011 10:03:26 am Alan Boudreault wrote:
> > I understand your concern and I agree. I Will check to use those
> > functions by default. I also agree that if the user set the TEMPPATH,
> > this path will be used rather than the default system path.
> > 
> > regards,
> > Alan
> > 
> > On January 14, 2011 04:42:27 pm thomas bonfort wrote:
> > > On Fri, Jan 14, 2011 at 22:23, Frank Warmerdam <warmerdam at pobox.com>
> 
> wrote:
> > > > On 11-01-14 07:46 AM, thomas bonfort wrote:
> > > >> Jeff,
> > > >> I don't like TEMPPATH because it should not be necessary for a user
> > > >> to have to configure it. On unix, there is a system function that
> > > >> will guarantee to create you a temp file without having to make the
> > > >> assumption it will be in /tmp, and I imagine it could be possible
> > > >> to implement something similar for windows if it doesn't exist.
> > > >> Let's not burden our users with setting a configuration variable
> > > >> for something that is system related and should be taken care of
> > > >> transparently.
> > > > 
> > > > Thomas,
> > > > 
> > > > I like the idea of being able to control where my MapServer temp
> > > > files are created - either so I can keep them separate from system
> > > > temporary files, or so I can control what drive they are on (ie.
> > > > ram drive, extra physical drive).  But it might be nice if the
> > > > *fallback* when it isn't set is to do the normal system behavior.
> > > 
> > > Frank,
> > > as a developer, I agree that knowing where the temp file is created so
> > > you can inspect what is going on is a definitive plus. As a user, I
> > > don't see the point, and would especially not want to have to
> > > configure it.
> > > I'm +1 for a default system call if TEMPPATH is not specified and use
> > > whatever defined value if the user has gone to the trouble of
> > > specifying it, and against having a log message
> > > be output if TEMPPATH is not set.
> > > My initial concern is that we seem to be reinventing the wheel in
> > > regards to tempfile creation, whereas there are secure and tested
> > > solutions with mkstemp that we should at least investigate before
> > > rolling out our own.
> > > 
> > > best regards,
> > > thomas
> > > 
> > > ps. I hope the tone is not harsh or condescending, its not my aim in
> > > any way. _______________________________________________
> > > mapserver-dev mailing list
> > > mapserver-dev at lists.osgeo.org
> > > http://lists.osgeo.org/mailman/listinfo/mapserver-dev

-- 
Alan Boudreault
Mapgears
http://www.mapgears.com

More information about the mapserver-dev mailing list