From 4185e30d73f24bce9dfbfa106395d132604af9a0 Mon Sep 17 00:00:00 2001
From: Kovid Goyal
Date: Thu, 26 Jan 2023 11:34:46 +0530
Subject: [PATCH] Code to more securely create anonymous temp files on Linux
---
tools/utils/tmpfile_linux.go | 39 +++++++++++++++++++++++++++++++++++++++
tools/utils/tmpfile_others.go | 25 +++++++++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 tools/utils/tmpfile_linux.go
create mode 100644 tools/utils/tmpfile_others.go
diff --git a/tools/utils/tmpfile_linux.go b/tools/utils/tmpfile_linux.go
new file mode 100644
index 000000000..95c2bec79
--- /dev/null
+++ b/tools/utils/tmpfile_linux.go
@@ -0,0 +1,39 @@
+//go:build linux
+
+// License: GPLv3 Copyright: 2023, Kovid Goyal,
+package utils
+
+import (
+ "fmt"
+ "os"
+ "strconv"
+
+ "golang.org/x/sys/unix"
+)
+
+var _ = fmt.Print
+
+func CreateAnonymousTemp(dir string) (*os.File, error) {
+ if dir == "" {
+ dir = os.TempDir()
+ }
+ fd, err := unix.Open(dir, unix.O_RDWR|unix.O_TMPFILE|unix.O_CLOEXEC, 0600)
+
+ if err == nil {
+ path := "/proc/self/fd/" + strconv.FormatUint(uint64(fd), 10)
+ return os.NewFile(uintptr(fd), path), nil
+ }
+ if err == unix.ENOENT {
+ return nil, err
+ }
+ f, err := os.CreateTemp(dir, "")
+ if err != nil {
+ return nil, err
+ }
+ err = os.Remove(f.Name())
+ if err != nil {
+ f.Close()
+ return nil, err
+ }
+ return f, err
+}
diff --git a/tools/utils/tmpfile_others.go b/tools/utils/tmpfile_others.go
new file mode 100644
index 000000000..7d231c2e8
--- /dev/null
+++ b/tools/utils/tmpfile_others.go
@@ -0,0 +1,25 @@
+//go:build !linux
+
+// License: GPLv3 Copyright: 2023, Kovid Goyal,
+
+package utils
+
+import (
+ "fmt"
+ "os"
+)
+
+var _ = fmt.Print
+
+func CreateAnonymousTemp(dir string) (*os.File, error) {
+ f, err := os.CreateTemp(dir, "")
+ if err != nil {
+ return nil, err
+ }
+ err = os.Remove(f.Name())
+ if err != nil {
+ f.Close()
+ return nil, err
+ }
+ return f, err
+}
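Review bot: The `unix.Open` call in tools/utils/tmpfile_linux.go passes `O_TMPFILE` without `O_EXCL`, and open(2) documents that such a file can still be given a name later with linkat(2), so the file is not guaranteed to stay nameless. If no caller needs to link it into the filesystem afterwards, add the flag: `fd, err := unix.Open(dir, unix.O_RDWR|unix.O_TMPFILE|unix.O_EXCL|unix.O_CLOEXEC, 0600)`. Separately, every error other than `ENOENT` (for example `EACCES` or `EINTR`) falls through to `os.CreateTemp`, which silently selects the create-then-remove path. Restricting the fallback to the errors that indicate missing O_TMPFILE support, presumably `unix.EOPNOTSUPP` and `unix.EISDIR`, would keep unrelated failures visible. The name given to `os.NewFile` is a `/proc/self/fd/N` path that is only meaningful inside this process while the descriptor is open, which is worth stating in a doc comment on the exported function.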
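Review bot: `CreateAnonymousTemp` in tools/utils/tmpfile_others.go has no doc comment, and on this path the file exists under a random name in `dir` from `os.CreateTemp` until `os.Remove` succeeds, so a process killed between the two calls leaves it behind. I would document that, for example `// CreateAnonymousTemp returns an open temp file in dir whose name is removed before returning; the name is briefly visible and f.Name() no longer refers to an existing path.` The create-then-remove body is also repeated verbatim in the fallback of tmpfile_linux.go; a small unexported helper in a file without build tags would keep the two copies from drifting apart. The `!linux` constraint also covers Windows, where removing a file that is still open may fail, so the constraint may need narrowing if that target is ever built.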