Zachary P. Landau schrob:
> On Fri, Jun 23, 2006 at 11:19:57AM -0500, Graham Wilson wrote:
> > On Fri, Jun 23, 2006 at 10:13:42AM -0500, Richard A. Smith wrote:
> > > Newer darcs appear to have a predictable temp filename on record. Isn't
> > > this a security problem?
> >
> > Is it actually a file in a sticky directory (e.g. tmp), or is it in the
> > _darcs directory? The former is perfectly fine (unless you don't trust
> > yourself), but the latter is certainly a problem.
>
> How would having it in /tmp be a problem, as long as your permissions
> are sane? (And assuming that darcs is smart about how it creates files
> and sets permissions, which I think it is)
The obvious way to get this wrong is overwriting/changing the file in /tmp
if it exists. The less obvious way is just creating a file with
attacker-defined contents. In either case, if there's a symlink in /tmp
with the filename of your tempfile, and that symlink points to an
interesting location, you probably just did something bad.
Basically, /tmp is a bad idea, and since darcs can safely write to
_darcs, it should do so.
regards,
Jan
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
