On Tue, Oct 5, 2010 at 17:30, Sven Barth <pascaldra...@googlemail.com>wrote:
> Am 05.10.2010 17:20, schrieb Leonardo M. Ramé: > > Hi, if I run this program from command line in Linux, I allways get the >> same result, "/tmp/TMP00000.tmp". Shouldn't it return a different file name >> each time it's executed?. >> >> How can I get different file names? >> >> program tempfilename; >> uses >> sysutils; >> begin >> writeln(GetTempFileName); >> end. >> > > Did you delete the file after the run of your program? GetTempFileName > always starts from 0 and checks whether that file already exists. If not, it > returns that name else it continues increasing the index. > That's a security risk, because it is very easy to know what will be the file name. It should return random name that does not exists on a random length (that the developer chooses). Symlink attack: http://www.infosecwriters.com/texts.php?op=display&id=159for better understanding. > > Regards, > Sven > > _______________________________________________ > fpc-pascal maillist - fpc-pascal@lists.freepascal.org > http://lists.freepascal.org/mailman/listinfo/fpc-pascal > Ido
_______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
