To those on gimp-developer:

My gripe is that gimp ignores $TMPDIR, the default location is in my home
directory which is on a slow NFS mount, and specifying /tmp is unsafe.

On Mon, Nov 06, 2000 at 08:52:46AM -0800, Ben Gertzfield wrote:
> >>>>> "Brian" == Brian Ristuccia <[EMAIL PROTECTED]> writes:
>     Brian> I don't think gimp temporary file creation is safe. gimp
>     Brian> swap files have names like that could be
>     Brian> easily predicted. If someone puts a symlink in /tmp, they
>     Brian> could trick the user into overwriting files.
> I agree, but since the GIMP installer lets you *choose* where you
> put your temp files, you can either pick a safe place like your
> homedir, or an unsafe but convenient place like /tmp.
> A patch for safe usage in either /tmp or the homedir would probably
> be gladly accepted. :)

Actually, I've come up with a somewhat better idea:

* If the entire path exists already, it must be owned by the user running
  gimp and not writable by others. Otherwise, the next step is tried: 

* If the location is not writable by the user, an error will occur. 

* If the location is writable by the user but also writable by others, gimp
  will create a directory there with an unpredictable name and append it to
  the temp file path only if the sticky bit is set. Otherwise, an error will

* If the last component in the path doesn't exist, it will be created in a
  safe manner with an unpredictable suffix. If the directory is writable by
  others, the sticky bit must be set. Otherwise, an error will occur. 

I'll start working on a patch.

Brian Ristuccia

Reply via email to