On Fri, May 9, 2008 at 7:07 AM, Kari Hoijarvi <[EMAIL PROTECTED]> wrote:
> David Roundy wrote:
>> The problem with this change is that we use the current directory for
>> security reasons, since it's very hard to safely use the /tmp directory
>> when communicating with external programs. e.g. every time we run darcs
>> push, darcs creates the patch bundle in a temporary file before applying
>> it. If we create this file in /tmp, then a malicious user might be able to
>> cleverly create a substitute ...
>
> This is a known security issue, which has been addressed at least since
> Windows 2000. Temporary files need to be private.
>
> That's why the c:\temp is obsolete. By default Windows XP sets:
>
> TEMP=C:\Documents and Settings\hoijarvi\Local Settings\Temp
>
> I'm the owner of this directory, so you need to log on as me or
> have administrator rights to access it.
>
> If the user sets TEMP=C:\Temp, it's already a security hole, not your
> problem.
>
> So darcs definitely should follow TEMP by default.
> Allowing to override this with DARCS_TMPDIR is fine but I see it as an
> unnecessary feature.

However, darcs isn't a Windows-specific program, and it's usually best to
avoid adding operating-system-specific behavior.

David
_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
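
Added example, not part of the thread and not darcs code: a Python sketch of the trade-off discussed above, which uses a directory named by the environment only when it is private to the current user and otherwise falls back to a caller-supplied directory such as the repository. The function names, the lookup order (DARCS_TMPDIR, TEMP, TMPDIR) and the POSIX permission check are assumptions made for illustration.

```python
import os
import stat
import tempfile


def dir_is_private(path):
    """True if path is a directory we own that no other user can write to."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    # Assumption: POSIX ownership and mode bits are meaningful on this system.
    if hasattr(os, "geteuid") and st.st_uid != os.geteuid():
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def choose_tmpdir(env, fallback):
    """Hypothetical policy: first private directory named by the environment,
    else the fallback (for example the current repository directory)."""
    for var in ("DARCS_TMPDIR", "TEMP", "TMPDIR"):
        candidate = env.get(var)
        if candidate and dir_is_private(candidate):
            return candidate
    return fallback


def write_bundle(data, env, fallback):
    """Write a patch bundle to a freshly created private file; return its path."""
    directory = choose_tmpdir(env, fallback)
    # mkstemp opens with O_CREAT|O_EXCL and mode 0600 under an unpredictable
    # name, so a file or symlink planted in advance is never opened or followed.
    fd, path = tempfile.mkstemp(prefix="darcs-bundle-", dir=directory)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


if __name__ == "__main__":
    # Constructed input: the real environment, falling back to the current dir.
    print(write_bundle(b"constructed patch bundle\n", os.environ, os.getcwd()))
```
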
