(I'm breaking the discussion about temporary file handling off from issue385, given that it isn't specific to that).
David, you mentioned not wanting mkstemp to make files in /tmp because we close them right away and return the filename. I was thinking a bit more about that, and I don't think it is an issue.

mktemp is insecure because it checks to see if a file exists, and then opens it. During the time between checking to see if a file exists and opening it, a malicious user could create the file and claim ownership of it. mkstemp gets rid of this problem by checking if a file exists and opening it before returning. At this point, you own the file and have 0600 permissions on it, so nobody else can open it. Even if you close the file immediately after, you still can safely assume that nobody else controls the file. At least, that is my understanding of it.

So I think having tempdir_loc use /tmp is not a security concern, and could solve some of our issues of where to create temporary files. Can anyone see a flaw in my thinking here?

-- 
Zachary P. Landau <[EMAIL PROTECTED]>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
_______________________________________________
darcs-devel mailing list
darcs-devel@darcs.net
http://lists.osuosl.org/mailman/listinfo/darcs-devel
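The race the message describes, shown in working code. This is an added example, not part of the original post and not darcs code: `insecure_create` is the check-then-open pattern that mktemp(3) forces on its callers, with a hypothetical in-process "attacker" that plants a symlink in the gap; `atomic_create` is the single O_CREAT|O_EXCL open that mkstemp(3) performs internally. It also goes one step past the message: `make_temp_name` mirrors the "mkstemp, close, return the filename" usage being discussed, and `reopen_owned_temp` is the check a caller would want when it later reopens that name (refuse symlinks, confirm the inode, owner and 0600 mode still match what mkstemp handed out). All function names, the scratch directory and the victim path are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure check-then-open (what a mktemp(3) caller ends up doing): the
 * existence check and the open are two separate system calls.  When
 * simulate_attacker is set, a hypothetical local attacker plants a symlink
 * at `path` in the window between them.  Returns an fd, or -1. */
static int insecure_create(const char *path, const char *victim,
                           int simulate_attacker)
{
    if (access(path, F_OK) == 0) { errno = EEXIST; return -1; }  /* "does it exist?" */
    if (simulate_attacker && symlink(victim, path) != 0)          /* ...race window */
        return -1;
    /* No O_EXCL: a symlink now at `path` is followed, so its target is
     * created/truncated with our privileges. */
    return open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
}

/* What mkstemp(3) does for each candidate name: O_CREAT|O_EXCL makes
 * "does not exist" and "create it" one atomic step.  A planted symlink
 * makes the call fail with EEXIST instead of being followed. */
static int atomic_create(const char *path)
{
    return open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
}

/* The usage under discussion: mkstemp, remember the identity of the file
 * we now own (st_dev/st_ino), close it, hand back the name in `tmpl`.
 * Returns 0 on success, -1 on failure. */
static int make_temp_name(char *tmpl, struct stat *ident)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, ident) < 0) { close(fd); unlink(tmpl); return -1; }
    close(fd);
    return 0;
}

/* Reopen a closed temp file by name.  Refuse to follow a symlink, then
 * confirm the fd is the same inode mkstemp created, still ours and still
 * mode 0600.  Returns an fd, or -1 with errno set. */
static int reopen_owned_temp(const char *path, const struct stat *ident)
{
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)
        || st.st_dev != ident->st_dev || st.st_ino != ident->st_ino
        || st.st_uid != geteuid() || (st.st_mode & 0777) != 0600) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";   /* private scratch dir, removed below */
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    char victim[256], name[256], tmpl[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/guessable-name", dir);
    snprintf(tmpl, sizeof tmpl, "%s/darcsXXXXXX", dir);

    int fd = insecure_create(name, victim, 1);
    printf("check-then-open under attack: fd=%d, victim created=%s\n",
           fd, access(victim, F_OK) == 0 ? "yes" : "no");
    if (fd >= 0) close(fd);
    printf("O_CREAT|O_EXCL on the planted symlink: %s\n",
           atomic_create(name) < 0 ? strerror(errno) : "opened?!");

    struct stat ident;
    if (make_temp_name(tmpl, &ident) == 0) {
        fd = reopen_owned_temp(tmpl, &ident);
        printf("reopen of our closed mkstemp file: %s\n",
               fd >= 0 ? "ok" : strerror(errno));
        if (fd >= 0) close(fd);
        unlink(tmpl);
    }
    unlink(name); unlink(victim); rmdir(dir);
    return 0;
}
```

The scratch directory is created with mkdtemp (mode 0700, not sticky) so the simulated attacker's symlink is actually followed; in a sticky, world-writable /tmp, another user cannot unlink or replace a file you own, which is what makes the close-then-reopen pattern hold there. `reopen_owned_temp` is the cheap belt-and-braces check for directories where that guarantee does not exist.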