On 10/01/2016 05:00 PM, Guillaume Boucher wrote:
> On Saturday, 1 October 2016 at 19:51:05 UTC, Dicebot wrote:
>> I think that is OK but only if actual file inside the dir is created
>> with `mktemp --tmpdir=/tmp/.dmd-test-run/` (or using a similar
>> technique).
> This is not sufficient. Any user can create a symlink from
> /tmp/.dmd-test-run/ to e.g. /very/private/root/directory/ (that user
> can't access it, but symlinks don't check the permission of the
> target). Executed as root user, mktemp then creates a unique file in
> /very/private/root/directory/, which can be used for example to litter
> a filesystem, which hurts performance or fills disks.
> That's why I was saying /tmp/.dmd-test-run/ should have permissions
> 0700. I think a better naming scheme would be
> /tmp/dmd-testrun-username/, or if that already exists with wrong
> permissions /tmp/dmd-testrun-username-RANDOMCHARS/. The files inside
> that directory don't need to have random names (afaik).
Interesting, thanks. Seems like the most robust thing to do is to not
use /tmp/ after all. In fact, I've encountered errors because (if I
remember correctly) we list the content of the /tmp/ directory in
unittests and we get exceptions because some dirs are not accessible.
A PR reviewing all uses of /tmp/ would be awesome.
Andrei
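The scheme Guillaume describes above (a per-user directory with mode 0700, falling back to a random-suffixed name when the preferred name already exists with the wrong owner or mode, or is a symlink planted by another user), written out as an added Python example. This is not code from the thread or from the DMD test scripts; the function names, the `dmd-testrun-<user>` prefix and the demo's scratch base directory are assumptions. It uses `os.lstat` so a planted symlink is inspected rather than followed, and relies on `os.mkdir` failing with EEXIST so that create-or-verify is a single atomic step instead of a check-then-create race.

```python
import os
import pwd
import secrets
import shutil
import stat
import tempfile


def secure_user_tmpdir(base="/tmp", prefix="dmd-testrun", uid=None):
    """Return a private scratch directory for the calling user under `base`.

    Preferred name: <base>/<prefix>-<username>. It is reused only if it is a
    real directory (not a symlink), owned by `uid`, and mode 0700. Otherwise
    a fresh <prefix>-<username>-RANDOM directory is created with mode 0700.
    """
    if uid is None:
        uid = os.getuid()
    try:
        user = pwd.getpwuid(uid).pw_name
    except KeyError:                       # uid with no passwd entry
        user = str(uid)
    preferred = os.path.join(base, f"{prefix}-{user}")

    # Atomic create: mkdir fails with EEXIST if *anything* (file, directory,
    # or a dangling symlink) already occupies the name, so there is no
    # window between "does it exist?" and "create it".
    try:
        os.mkdir(preferred, 0o700)
        os.chmod(preferred, 0o700)         # defeat a permissive umask
        return preferred
    except FileExistsError:
        pass

    # Something is there. lstat does NOT follow symlinks, so a link planted
    # by another user shows up as S_ISLNK and fails the directory check.
    st = os.lstat(preferred)
    if (stat.S_ISDIR(st.st_mode)
            and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) == 0o700):
        return preferred

    # Wrong owner, wrong mode, or not a directory: never touch it. Fall back
    # to a random suffix, again relying on mkdir's atomic EEXIST failure.
    for _ in range(100):
        candidate = f"{preferred}-{secrets.token_hex(4)}"
        try:
            os.mkdir(candidate, 0o700)
            os.chmod(candidate, 0o700)
            return candidate
        except FileExistsError:
            continue
    raise OSError("could not create a private temp directory under " + base)


def demo():
    """Recreate the thread's scenario inside a constructed scratch base dir.

    Returns a dict of boolean outcomes so they can be checked programmatically.
    """
    base = tempfile.mkdtemp(prefix="demo-base-")   # constructed stand-in for /tmp
    uid = os.getuid()
    try:
        first = secure_user_tmpdir(base=base, uid=uid)
        second = secure_user_tmpdir(base=base, uid=uid)   # should be reused

        # Simulated attack: the preferred name is replaced by a symlink to a
        # directory the attacker wants the (privileged) process to write into.
        victim = os.path.join(base, "very-private-directory")
        os.mkdir(victim, 0o700)
        os.rmdir(first)
        os.symlink(victim, first)
        third = secure_user_tmpdir(base=base, uid=uid)

        return {
            "reused": first == second,
            "symlink_rejected": third.startswith(first + "-")
                                and not os.path.islink(third),
            "fallback_mode_0700": stat.S_IMODE(os.lstat(third).st_mode) == 0o700,
            "nothing_written_into_victim": os.listdir(victim) == [],
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Running the script prints all four outcomes as `True`: the first directory is reused on the second call, the planted symlink is not followed, the fallback directory is mode 0700, and nothing lands in the directory the symlink pointed at. Files created inside the returned directory do not need random names, since no other user can create entries there.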