m3ga blog

Mon, 12 Feb 2007

The Windoze tmpfile Implementation.

During a discussion on the libsndfile-devel mailing list it was brought to my attention that although windows does have an implementation of the POSIX function tmpfile:

    #include <stdio.h>

    FILE *tmpfile (void) ;

the temporary file created on windows is placed in the root directory of the C:\ drive. Couldn't possibly be true you think? Think again. From microsoft's own documentation

The tmpfile function creates a temporary file and returns a pointer to that stream. The temporary file is created in the root directory. To create a temporary file in a directory other than the root, use tmpnam or tempnam in conjunction with fopen.

So the global village idiots of microsoft implemented tmpfile so they could say that windows was POSIX compliant, but did so in a way that is so broken that nobody in their right mind would actually want to use it.

But its actually worse than that. According to microsoft, the tmpfile function is deprecated because it supposedly isn't secure. From the same page:

Creates a temporary file. This function is deprecated because a more secure version is available; see tmpfile_s.

(Note : I wonder if microsoft bothered to tell the people responsible for the POSIX Standards that microsoft has deprecated a function in their standard.)

The fact that the GNU libc version of tmpfile is secure means that it is possible to write a secure version of this function. That means that the only reason microsoft could have had for deprecating it was because their version was insecure. They deprecated a POSIX standard function to replace it with a their own non standard function tmpfile_s:

    errno_t tmpfile (FILE** pFilePtr);

Now I for one, cannot see any reason why this version of the function is any more secure than the POSIX version. It also far easier to do the wrong thing with this function than it is with the original.

Once again, microsoft shows that it employs people who are probably too stupid to feed themselves or crap in a toilet without help, in spite of the fact that is also employs some really smart people.

Posted at: 12:53 | Category: Windiots | Permalink

Categories

• • Top (189)
  • CodeHacking (94)
  • • DDC (7)
    • Debian (4)
    • Embedded (1)
    • Erlang (1)
    • Geany (1)
    • Haskell (11)
    • MinGWCross (3)
    • Ocaml (18)
    • SecretRabbitCode (7)
    • libsndfile (13)
  • Cycling (4)
  • FP-Syd (29)
  • LCA07 (2)
  • Music (5)
  • NewHouse (4)
  • OSDC06 (3)
  • Politics (1)
  • Security (1)
  • Tech (14)
  • Tools (1)
  • WTF (4)
  • Windiots (7)

Syndication

• Atom
• RSS 2.0

Planets

• Planet Debian
• Planet FP-Syd
• Planet Haskell
• Planet Linux Australia
• Planet Linux Audio
• Planet Ocamlcore
• Planet SLUG

Links

• Disciple
• Ocaml
• Haskell
• Hoogle
• Hackage
• Real Wold Haskell
• Erlang
• Hack A Day
• Create Digital Music
• The Daily WTF
• The Geany Text Editor
• Make Blog
• CodeHop
• Reddit Science
• Audio Cookbook
• Next Step Audio
• Computer Music Design Theories
• The Tor Project
• Home Tracked

• Stubborn Mule

• Butterflies and Wheels
• Friendly Atheist
• Jesus and Mo

File Validators

• HTML Validator
• CSS Validator
• RSS Feed Validator
• MobileOK Validator