I don't think this is the best way to do it. I think what we really
want is to use mkstemp() to create the temp file and then just
rename() it to the predictable name. If the rename fails, we know
someone is trying to attach us. If not, we are safe.

- todd

Index: fileio.c
================================================== =================
RCS file: /home/cvs/openbsd/src/usr.bin/mg/fileio.c,v
retrieving revision 1.43
diff -u -r1.43 fileio.c
--- fileio.c 11 Jan 2005 17:19:16 -0000 1.43
+++ fileio.c 30 Jan 2005 21:11:47 -0000
@@ -160,7 +160,7 @@
int from, to, serrno;
ssize_t nread;
char buf[BUFSIZ];
- char *nname;
+ char *nname, *tname;

if (stat(fn, &sb) == -1) {
ewprintf("Can't stat %s : %s", fn, strerror(errno));
@@ -168,20 +168,27 @@
}

if (asprintf(&nname, "%s~", fn) == -1) {
- ewprintf("Can't allocate temp file name : %s",
- strerror(errno));
+ ewprintf("Can't allocate temp file name : %s", strerror(errno));
+ return (ABORT);
+ }
+
+ if (asprintf(&tname, "%s.XXXXXXXXXX", fn) == -1) {
+ ewprintf("Can't allocate temp file name : %s", strerror(errno));
+ free(nname);
return (ABORT);
}

if ((from = open(fn, O_RDONLY)) == -1) {
free(nname);
+ free(tname);
return (FALSE);
}
- to = open(nname, O_WRONLY|O_CREAT|O_TRUNC, (sb.st_mode & 0777));
+ to = mkstemp(tname);
if (to == -1) {
serrno = errno;
close(from);
free(nname);
+ free(tname);
errno = serrno;
return (FALSE);
}
@@ -192,13 +199,20 @@
}
}
serrno = errno;
+ (void) fchmod(to, (sb.st_mode & 0777));
close(from);
close(to);
if (nread == -1) {
- if (unlink(nname) == -1)
+ if (unlink(tname) == -1)
ewprintf("Can't unlink temp : %s", strerror(errno));
+ } else {
+ if (rename(tname, nname) == -1) {
+ ewprintf("Can't rename temp : %s", strerror(errno));
+ (void) unlink(tname);
+ }
}
free(nname);
+ free(tname);
errno = serrno;

return (nread == -1 ? FALSE : TRUE);