Am 05.10.2010 18:26, schrieb ik:
On Tue, Oct 5, 2010 at 17:30, Sven Barth <pascaldra...@googlemail.com> wrote:

    Am 05.10.2010 17:20, schrieb Leonardo M. Ramé:

        Hi, if I run this program from command line in Linux, I always
        get the same result, "/tmp/TMP00000.tmp". Shouldn't it return a
        different file name each time it's executed?

        How can I get different file names?

        program tempfilename;
        uses
           sysutils;
        begin
           writeln(GetTempFileName);
        end.


    Did you delete the file after the run of your program?
    GetTempFileName always starts from 0 and checks whether that file
    already exists. If not, it returns that name else it continues
    increasing the index.



That's a security risk, because it is very easy to know what will be the
file name. It should return a random name that does not exist, of a random
length (that the developer chooses).

Symlink attack:
http://www.infosecwriters.com/texts.php?op=display&id=159 for better
understanding.

Windows (or at least ReactOS) seems to use GetTickCount to generate a random filename: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/kernel32/file/file.c?revision=48845&view=markup (look for GetTempFilenameW)

Regards,
Sven
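
Added example (my own code, not from this thread and not FPC's SysUtils implementation) of the alternative ik describes: the name is drawn from /dev/urandom and the file is opened with O_CREAT or O_EXCL, so a file or symlink pre-planted at a guessed path makes the open fail instead of being followed. It assumes Linux with the BaseUnix unit (FPC 2.4 or newer).

```pascal
program safetempfile;
{$mode objfpc}{$H+}
// Added example (not FPC's own SysUtils code): random name + O_EXCL open.
uses
  SysUtils, BaseUnix;

const
  Chars: string = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  SuffixLen = 12;   // 62^12 possible names, so the next name cannot be predicted
  MaxTries = 100;

// Returns an open descriptor (or -1) and the path it belongs to. Keep working
// through the descriptor; reopening the path by name would reintroduce the race.
function CreateSecureTempFile(const Dir: string; out FileName: string): cint;
var
  Raw: array[0..SuffixLen - 1] of Byte;
  Suffix: string;
  RndFd: cint;
  I, Attempt: Integer;
begin
  Result := -1;
  RndFd := FpOpen('/dev/urandom', O_RDONLY);
  if RndFd < 0 then Exit;
  SetLength(Suffix, SuffixLen);
  for Attempt := 1 to MaxTries do
  begin
    // Kernel CSPRNG; a short read is treated as failure rather than padded.
    if FpRead(RndFd, Raw, SizeOf(Raw)) <> SizeOf(Raw) then Break;
    for I := 0 to SuffixLen - 1 do
      Suffix[I + 1] := Chars[1 + Raw[I] mod Length(Chars)];  // small modulo bias, harmless for a name
    FileName := IncludeTrailingPathDelimiter(Dir) + 'tmp' + Suffix;
    // O_CREAT or O_EXCL: the open fails with EEXIST if anything, a symlink
    // included, already sits at that path, so a planted link is never followed.
    Result := FpOpen(FileName, O_RDWR or O_CREAT or O_EXCL, &600);
    if (Result >= 0) or (fpgeterrno <> ESysEEXIST) then Break;  // only retry on EEXIST
  end;
  FpClose(RndFd);
end;

var
  Path: string; Fd: cint;
begin
  Fd := CreateSecureTempFile('/tmp', Path);
  if Fd < 0 then Halt(1);
  WriteLn(Path);        // a different name on every run, unlike TMP00000.tmp
  FpClose(Fd);
  DeleteFile(Path);
end.
```

Unlike GetTempFileName, which only tests for existence and then hands back a name, the O_EXCL open creates the file in the same step, so there is no window between "does not exist" and "now in use".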
_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal