On Mon, May 12, 2008 at 10:44:08AM -0600, zooko wrote:
> On May 12, 2008, at 8:52 AM, Jason Dagit wrote:
>
> >From glancing at the thread where Eric and David discuss this, I
> >don't think it's about the creation per se. It seems that two
> >issues were identified. One is that darcs shouldn't need to create
> >a temp file for communicating to a pager (just use stdin/out). The
> >other issue is how can darcs create a temporary file which can be
> >safely closed and re-opened? The easiest way to make sure the file
> >can be reopened without being subject to a malicious attack is to
> >create the file somewhere that the user has exclusive control.
> >Which more or less explains why darcs wanted to create the temp
> >file in the current working directory.
>
> Thank you for the explanation, Jason.
>
> I don't think this matter is urgent (and I'm sorry that I complained
> so bitterly about it in my previous post on the topic of temp files),
> but for future reference, a good solution to the issue of wanting to
> re-open a temp file by name is to create that temp file inside a temp
> directory which was itself created securely and which only you have
> write access to.
>
> So concretely darcs, or the relevant Haskell library, can atomically
> create a temp directory which only the user can write into (by umask
> on Unix, or by the directory location on Windows, or whatever the
> platform's preferred idiom is for achieving this -- it is something
> that application-layer code shouldn't need to know about), and then
> create a temp file inside that directory.

I've heard that before. Provided someone with the appropriate expertise
(you?) were to review code such as this, I'd accept code to make this
change.

David
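
The approach described in the quoted message (a private temp directory first, then the temp file inside it), as an added Python sketch that is not darcs code and not from anyone in this thread. It assumes a POSIX system; the function names and file name are hypothetical, and the ownership check before re-opening is an extra safeguard not mentioned in the thread.

```python
import os
import shutil
import stat
import tempfile

NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)  # refuse to open through a symlink

def make_private_dir(prefix="darcs-example-"):
    # mkdtemp creates the directory atomically with mode 0700 (owner only).
    return tempfile.mkdtemp(prefix=prefix)

def dir_is_private(path):
    # A real directory (not a symlink), owned by us, no group/other permission bits.
    st = os.lstat(path)
    return stat.S_ISDIR(st.st_mode) and st.st_uid == os.geteuid() and not (st.st_mode & 0o077)

def create_in(private_dir, name, data):
    # O_EXCL makes creation fail if the name already exists.
    path = os.path.join(private_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def reopen(path):
    # Re-open by name only while the parent directory is still exclusively ours.
    parent = os.path.dirname(path)
    if not dir_is_private(parent):
        raise PermissionError(parent + " is not exclusively ours")
    fd = os.open(path, os.O_RDONLY | NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        return f.read()

def demo():
    d = make_private_dir()
    try:
        p = create_in(d, "pager-input.txt", b"constructed sample data\n")
        first = reopen(p)
        os.chmod(d, 0o777)  # constructed failure case: directory writable by others
        try:
            reopen(p)
        except PermissionError:
            return first, True
        return first, False
    finally:
        shutil.rmtree(d)

if __name__ == "__main__":
    print(demo())
```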
