On 10/01/2016 03:29 PM, Dicebot wrote:
On Saturday, 1 October 2016 at 18:24:07 UTC, Andrei Alexandrescu wrote:
Granted, no contest. Seems to me we could be a better denizen of said
junkyard. What I noticed other apps do is create one directory in /tmp
and then place their junk in there. -- Andrei
Yeah, it is both common and "wrong" (considered insecure) :) Problem is
that it allows one to hijack output from the binary and redirect it
somewhere else. If binary is running as privileged user, it can possibly
be used as an attack vector.
Understood, thanks.
Not like this is real security concern in dmd case but guidelines like
"don't make /tmp/ path predictable" exist exactly so that one can have
simple safe default and not worry about possibilities.
This may be a misunderstanding. I'm saying is to switch from
unpredictable paths rooted in /tmp/ to equally unpredictable paths
rooted in /tmp/.dmd-test-run/.
Thanks,
Andrei
