On May 12, 2008, at 8:52 AM, Jason Dagit wrote:

> From glancing at the thread where Eric and David discuss this, I
> don't think it's about the creation per se. It seems that two
> issues were identified. One is that darcs shouldn't need to create
> a temp file for communicating to a pager (just use stdin/out). The
> other issue is how can darcs create a temporary file which can be
> safely closed and re-opened? The easiest way to make sure the file
> can be reopened without being subject to a malicious attack is to
> create the file somewhere that the user has exclusive control.
> Which more or less explains why darcs wanted to create the temp
> file in the current working directory.

Thank you for the explanation, Jason. I don't think this matter is urgent (and I'm sorry that I complained so bitterly about it in my previous post on the topic of temp files), but for future reference, a good solution to the issue of wanting to re-open a temp file by name is to create that temp file inside a temp directory which was itself created securely and which only you have write access to.

So concretely darcs, or the relevant Haskell library, can atomically create a temp directory which only the user can write into (by umask on Unix, or by the directory location on Windows, or whatever the platform's preferred idiom is for achieving this -- it is something that application-layer code shouldn't need to know about), and then create a temp file inside that directory.

Regards,

Zooko

_______________________________________________
darcs-users mailing list
http://lists.osuosl.org/mailman/listinfo/darcs-users
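
The scheme described in the message above, as an added example that is not part of the original post and is not darcs code: a Python sketch for POSIX systems that creates a private temp directory, creates a file inside it, closes it, and reopens it by name. The function names, directory prefix and file name are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def private_dir_ok(path):
    """True if path is a real directory owned by us that no one else can write to."""
    st = os.lstat(path)  # lstat: do not follow a symlink swapped in for the directory
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) == 0)


def write_close_reopen(payload, name="pager-input.txt"):
    """Create a temp file inside a private temp directory, close it, reopen it by name.

    Returns (data_read_back, same_file), where same_file says whether the
    reopened file is the very inode that was created.
    """
    # mkdtemp picks an unpredictable name and creates the directory atomically
    # with mode 0700, so no other user can add, rename or replace entries in it.
    tmpdir = tempfile.mkdtemp(prefix="darcs-example-")  # hypothetical prefix
    try:
        if not private_dir_ok(tmpdir):
            raise RuntimeError("temp directory is not private: " + tmpdir)
        path = os.path.join(tmpdir, name)
        # O_EXCL fails if the name already exists; O_NOFOLLOW refuses a symlink.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
        try:
            created = os.fstat(fd)
            os.write(fd, payload)
        finally:
            os.close(fd)
        # The file is closed now. Reopening by name is safe because only the
        # owner can modify the directory that the name lives in.
        if not private_dir_ok(tmpdir):
            raise RuntimeError("temp directory changed underneath us")
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
        try:
            reopened = os.fstat(fd)
            data = os.read(fd, len(payload) + 1)
        finally:
            os.close(fd)
        same = (created.st_dev, created.st_ino) == (reopened.st_dev, reopened.st_ino)
        return data, same
    finally:
        shutil.rmtree(tmpdir)
```

The device and inode comparison is only a self-check for the example; the protection itself comes from the directory permissions, which is why the file name inside the directory does not need to be unpredictable.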
