(Forwarded from https://codespeak.net/issue/pypy-dev/issue376)
Begin forwarded message:
From: Armin Rigo <[EMAIL PROTECTED]>
The fact that the directory name is predictable is very useful in various
situations, so it's unlikely that we can be convinced to change that. I do
see the point that the py lib could be tricked into removing unrelated data
that would happen to have the same name, but I think that we can find other
solutions than unpredictable directory names in order to fix that specific
issue.
An idea would be to put a certain dot-file in the temporary directory when
it is created, and check for it before removing the whole dir later. If we
want to be paranoid, the dot-file's content should be a random salt followed
by the SHA checksum of ("salt" + "directory-name" +
"constant-py-lib-token"), so that if the content still matches later, it
proves that the directory was really created by the py lib (unless it was
created by a malicious program that contains a copy of the same
"constant-py-lib-token" - but of course it's not possible to prevent a
malicious program run by the same user to do whatever it pleases anyway).
Does this sound acceptable to debian-level security?
--
Chris Lamb, UK [EMAIL PROTECTED]
GPG: 0x634F9A20
signature.asc
Description: PGP signature

