On Wed, 7 Mar 2012 17:58:48 +0100 Joerg Sonnenberger <jo...@britannica.bec.de>
said:

> On Thu, Mar 08, 2012 at 12:51:19AM +0900, Carsten Haitzler wrote:
> > On Wed, 7 Mar 2012 12:37:42 -0300 Gustavo Sverzut Barbieri
> > <barbi...@profusion.mobi> said:
> > 
> > > On Wed, Mar 7, 2012 at 6:05 AM, Enlightenment SVN
> > > <no-re...@enlightenment.org> wrote:
> > > > Log:
> > > > to be paranoid - ensure umask for mkstemp allows no other uids or
> > > >  grps access.
> > > 
> > > Ugh, isn't there any other way to do this? What you did breaks if
> > > people are using other threads to open files, and if they fork() they
> > > will inherit these values! TOO BAD :-(
> > 
> > 1. umask is reset back immediately after creation so fork (unless it's FROM
> > another thread which is incredibly odd) won't be a problem
> > 2. it's changed for a very short period so yes - it could affect other
> > threads creating files too but it's a very small condition, but yes - it's
> > possible
> > 3. no mk*temp libc funcs let u set mode so this is the only way other than
> > creating our own tmpfile name allocator.
> > 
> > NOT doing this makes for a security hole. i'd rather this very "rare/odd"
> > bug than the security hole until someone spends the time to make a custom
> > tmpfile creator.
> 
> mkstemp is supposed to create the file with 0600 permission, so is that
> really necessary?

indeed you are right - early glibc's were 0666. shall remove then. glibc issue
if they care about this. :)

-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    ras...@rasterman.com
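
The check discussed in this thread, as an added example that is not part of the original messages or of the Enlightenment code: it confirms the mode mkstemp() actually gave the file with fstat() and tightens it per-descriptor with fchmod() if needed, so the process-wide umask is never changed. The function name `make_private_tmp` and the /tmp template are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helper: create a temp file from tmpl (must end in XXXXXX)
 * without calling umask(). Returns the fd, or -1 on error; *mode_out
 * receives the file's final permission bits. */
int make_private_tmp(char *tmpl, mode_t *mode_out)
{
    struct stat st;
    int fd = mkstemp(tmpl);              /* expected to create with 0600 */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0)
        goto fail;
    /* Backstop for a libc that honoured a loose umask: fchmod() acts on
     * this descriptor only, so other threads and children are unaffected.
     * It does not revoke a descriptor someone opened before this point. */
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        if (fchmod(fd, S_IRUSR | S_IWUSR) < 0 || fstat(fd, &st) < 0)
            goto fail;
    }
    *mode_out = st.st_mode & 07777;
    return fd;
fail:
    close(fd);
    unlink(tmpl);
    return -1;
}

int main(void)
{
    char path[] = "/tmp/private_tmp_XXXXXX";   /* constructed sample path */
    mode_t mode = 0;
    mode_t saved = umask(0);   /* most permissive umask, for this demo only */
    int fd = make_private_tmp(path, &mode);
    umask(saved);
    if (fd < 0) { perror("make_private_tmp"); return 1; }
    printf("%s mode %04o\n", path, (unsigned)mode);
    close(fd);
    unlink(path);
    return mode == 0600 ? 0 : 1;
}
```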


_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
