Steven Allen
> The scenario you are mentioning (DoS) is the least concerning. I would be much more concerned about an attacker manipulating file permissions and content, or escalating privileges. This can...
> Can this crate be used in production where the filenames must be unpredictable ? Yes, it absolutely can. Same as python and go which use the same randomness function...
> Using getrandom instead is possible, but this will require mapping &[u8] to alphanumeric strings, which requires vendoring some kind of integer sampling. 1. Define a dictionary (`A-Za-z0-9`). 2. Take...
The best solution is probably to read, maybe, 1k of bytes into a thread-local buffer, then draw randomness from that until we run out.
> Unfortunately, that method is slightly biased and does not result in a uniform alphanumeric distribution. Hm, that slightly biases the first 8 characters.
As far as I know, persist _should_ keep the permissions. So you should be able to: 1. Create a named temporary file. 2. Chmod the temporary file. 3. Call persist....
IIRC, the problem is MacOS and the BSDs. On those platforms, temporary files are implemented by creating then immediately unlinking, and there's no way to "relink" (last I checked).
> Ok yeah, so I'm wondering if removing the flag preventing the file from being copied on platforms where it can be - is that a feature or a security...
I'll take a look at the patch. But please make sure it's _generally_ useful. E.g., extends the tempfile builder to allow one to specify permissions/modes etc, not a one-off function...
I'm not sure this is the right behavior. The docs imply that one should: 1. Call `GetTempPath` to get the location where temporary files _should_ be written. 2. Check to...