On Wed, Feb 07, 2007 at 03:56:36PM -0500, Zachary P. Landau wrote:
> On Wed, Feb 07, 2007 at 03:29:06PM -0500, Dylan Thurston wrote:
> > On Wed, Feb 07, 2007 at 11:27:30AM -0800, David Roundy wrote:
> > > > I wonder if instead we should be using tmpfile().
> > > > ...
> > >
> > > tmpfile() would be nice, but the file is deleted automatically when the
> > > handle is closed (perhaps deleted before the handle is returned?), so we
> > > can't use it when we want a filename that we can pass to emacs.
> >
> > The standard solution is to use mkdtemp to create a directory (with mode
> > 0700) and then create a file in that directory with your choice of
> > name. mkdtemp is not in POSIX currently, but it seems like it will be
> > added soon.
>
> The Secure Programs HOWTO link does mention mkdtemp. They only mention
> that tmp cleaners can cause a security issue with mkdtemp, as Thomas
> brought up last week. I feel like tmp cleaners could cause other issues
> in general, but maybe if people are using them we still need to worry?

I'm not sure, but I've gotten the impression that if tmp cleaners are used
then /tmp is pretty much irredeemably insecure, and there's not much point
worrying about that case. But maybe there are folks who use tmp cleaners and
also care about security. After all, one reason to use tmp cleaners is
simply to avoid DOS attacks that fill up tmp--which itself is a security
issue.

Wouldn't it be nice if everybody would just agree to be good?
-- 
David Roundy
Department of Physics
Oregon State University
_______________________________________________
darcs-devel mailing list
darcs-devel@darcs.net
http://lists.osuosl.org/mailman/listinfo/darcs-devel
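
The mkdtemp approach quoted in the thread above (a mode-0700 directory, then a file of your own choosing inside it), written out as an added C example; it is not part of the original thread and is not darcs code. The function names, the `example-XXXXXX` prefix and the `message.txt` file name are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private directory under $TMPDIR (or /tmp) and a file called `name`
 * in it. Returns an open fd and fills `dir` and `path`; returns -1 on error. */
int private_tmpfile(const char *name, char *dir, size_t dirsz,
                    char *path, size_t pathsz)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    if (*name == '\0' || strchr(name, '/') != NULL)
        return -1;                    /* plain file names only */
    if ((size_t)snprintf(dir, dirsz, "%s/example-XXXXXX", base) >= dirsz)
        return -1;
    if (mkdtemp(dir) == NULL)         /* unique name, created with mode 0700 */
        return -1;
    if ((size_t)snprintf(path, pathsz, "%s/%s", dir, name) >= pathsz) {
        rmdir(dir);
        return -1;
    }
    /* O_EXCL refuses a path that already exists; O_NOFOLLOW refuses a symlink. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        rmdir(dir);
    return fd;
}

/* Remove the file and its directory once the editor has exited. */
int private_tmpfile_cleanup(int fd, const char *dir, const char *path)
{
    int rc = close(fd);
    if (unlink(path) != 0) rc = -1;
    if (rmdir(dir) != 0) rc = -1;
    return rc;
}

int main(void)
{
    char dir[PATH_MAX], path[PATH_MAX];
    int fd = private_tmpfile("message.txt", dir, sizeof dir, path, sizeof path);
    if (fd < 0) return 1;
    printf("file name to hand to the editor: %s\n", path);
    return private_tmpfile_cleanup(fd, dir, path) == 0 ? 0 : 1;
}
```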