io.files: implement (file-writer-secure)

We want a way to open a temp file securely and return the stream.
Opening a file to reserve the filename is not enough in some cases according
to https://tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html

diff --git a/basis/io/files/unix/unix.factor b/basis/io/files/unix/unix.factor
index 6f4e78c720db6a4ee55b5f06235f3428fdea29b1..cd74c4a9c36820105c2cc45e8df206a23ec94835 100644 (file)
--- a/basis/io/files/unix/unix.factor
+++ b/basis/io/files/unix/unix.factor
@@ -34,6 +34,14 @@ CONSTANT: write-flags flags{ O_WRONLY O_CREAT O_TRUNC }
 M: unix (file-writer)
     open-write <fd> init-fd <output-port> ;
 
+CONSTANT: secure-write-flags flags{ O_WRONLY O_CREAT O_TRUNC O_EXCL }
+
+: open-secure-write ( path -- fd )
+    secure-write-flags file-mode open-file ;
+
+M: unix (file-writer-secure)
+    open-secure-write <fd> init-fd <output-port> ;
+
 CONSTANT: append-flags flags{ O_WRONLY O_APPEND O_CREAT }
 
 : open-append ( path -- fd )

diff --git a/basis/io/files/windows/windows.factor b/basis/io/files/windows/windows.factor
index d7c848f23fdabe872b8387f76da45ba8e96de2df..51fe2e823632641fc297b2c9e55fe27ddb75342d 100644 (file)
--- a/basis/io/files/windows/windows.factor
+++ b/basis/io/files/windows/windows.factor
@@ -247,6 +247,8 @@ M: windows init-stdio
 : open-write ( path -- win32-file )
     GENERIC_WRITE CREATE_ALWAYS 0 open-file 0 >>ptr ;
 
+: open-secure-write ( path -- win32-file )
+    GENERIC_WRITE CREATE_NEW FILE_ATTRIBUTE_TEMPORARY open-file 0 >>ptr ;
 
 <PRIVATE
 
@@ -280,6 +282,9 @@ M: windows (file-reader)
 M: windows (file-writer)
     open-write <output-port> ;
 
+M: windows (file-writer-secure)
+    open-secure-write <output-port> ;
+
 M: windows (file-appender)
     open-append <output-port> ;
 

diff --git a/core/io/files/files.factor b/core/io/files/files.factor
index c67c8e2e65c78d9c07562ad7d11fd47ad37e059c..4a68452a6b0ee211c7f075f4d6af388619290147 100644 (file)
--- a/core/io/files/files.factor
+++ b/core/io/files/files.factor
@@ -30,6 +30,8 @@ HOOK: (file-reader) io-backend ( path -- stream )
 
 HOOK: (file-writer) io-backend ( path -- stream )
 
+HOOK: (file-writer-secure) io-backend ( path -- stream )
+
 HOOK: (file-appender) io-backend ( path -- stream )
 
 : <file-reader> ( path encoding -- stream )
@@ -38,6 +40,9 @@ HOOK: (file-appender) io-backend ( path -- stream )
 : <file-writer> ( path encoding -- stream )
     [ normalize-path (file-writer) { file-writer } declare ] dip <encoder> ; inline
 
+: <file-writer-secure> ( path encoding -- stream )
+    [ normalize-path (file-writer-secure) { file-writer } declare ] dip <encoder> ; inline
+
 : <file-appender> ( path encoding -- stream )
     [ normalize-path (file-appender) { file-writer } declare ] dip <encoder> ; inline
 
@@ -53,6 +58,9 @@ HOOK: (file-appender) io-backend ( path -- stream )
 : with-file-writer ( path encoding quot -- )
     [ <file-writer> ] dip with-output-stream ; inline
 
+: with-file-writer-secure ( path encoding quot -- )
+    [ <file-writer-secure> ] dip with-output-stream ; inline
+
 : set-file-lines ( seq path encoding -- )
     [ [ print ] each ] with-file-writer ;