To those on gimp-developer:
My gripe is that gimp ignores $TMPDIR, the default location is in my home
directory which is on a slow NFS mount, and specifying /tmp is unsafe.
On Mon, Nov 06, 2000 at 08:52:46AM -0800, Ben Gertzfield wrote:
> >>>>> "Brian" == Brian Ristuccia <[EMAIL PROTECTED]> writes:
> Brian> I don't think gimp temporary file creation is safe. gimp
> Brian> swap files have names like gimpswap.pid that could be
> Brian> easily predicted. If someone puts a symlink in /tmp, they
> Brian> could trick the user into overwriting files.
> I agree, but since the GIMP installer lets you *choose* where you
> put your temp files, you can either pick a safe place like your
> homedir, or an unsafe but convenient place like /tmp.
> A patch for safe usage in either /tmp or the homedir would probably
> be gladly accepted. :)
Actually, I've come up with a somewhat better idea:
* If the entire path exists already, it must be owned by the user running
gimp and not writable by others. Otherwise, the next step is tried:
* If the location is not writable by the user, an error will occur.
* If the location is writable by the user but also writable by others, gimp
will create a directory there with an unpredictable name and append it to
the temp file path only if the sticky bit is set. Otherwise, an error will
* If the last component in the path doesn't exist, it will be created in a
safe manner with an unpredictable suffix. If the directory is writable by
others, the sticky bit must be set. Otherwise, an error will occur.
I'll start working on a patch.