Hi,
The patch below adds code to unlink the temporary files after they're
created.  I consider this a stop-gap solution to the problem of
temporary files being left in the spool directory.

Also, when creating the temporary file, I've added the O_EXCL flag to
ensure that the temporary file does not exist before it's created.
This prevents a potential security problem where qpsmtpd would gladly
use an existing file (even if it was a symlink) and then overwrite the
contents.

As always, the patch can be downloaded from:

http://www.flarenet.com/consulting/software/qpsmtpd/lib.qpsmtpd.transaction.create-unlink.patch

I hope this is useful.
        -- Robert
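
The O_EXCL behaviour described in the message, as an added example that is not part of the original post or of qpsmtpd: inside a throwaway temporary directory it lets the spool name already exist as a symlink, then opens it with and without O_EXCL. The sandbox paths and the helper names (`write_file`, `read_file`, `try_open`) are assumptions made for the illustration, and it needs a system with symlink support.

```perl
use strict;
use warnings;
use Fcntl qw(O_RDWR O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Constructed sandbox: everything lives in a throwaway temp directory.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/other-file";   # stands in for a file that must not change
my $spool  = "$dir/spool";
mkdir($spool, 0700) or die "mkdir: $!";

# Predictable name built the same way as in the patch context:
# time, pid and a counter joined with ":".
my $name = "$spool/" . join(":", time, $$, 0);

sub write_file {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} $data;
    close($fh) or die "close $path: $!";
}

sub read_file {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close($fh);
    return $data;
}

sub try_open {
    my ($label, $flags) = @_;
    write_file($target, "original\n");
    unlink($name);                                  # reset between runs
    symlink($target, $name) or die "symlink: $!";   # name exists before the open
    if (sysopen(my $fh, $name, $flags, 0600)) {
        syswrite($fh, "message body\n");
        close($fh);
        print "$label: open succeeded, target is now: ", read_file($target);
    } else {
        my $err = "$!";                             # save errno text first
        print "$label: open failed ($err), target is still: ", read_file($target);
    }
}

try_open("O_RDWR|O_CREAT",        O_RDWR | O_CREAT);           # follows the symlink
try_open("O_RDWR|O_CREAT|O_EXCL", O_RDWR | O_CREAT | O_EXCL);  # refused, EEXIST
```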


Index: lib/Qpsmtpd/Transaction.pm
===================================================================
RCS file: /cvs/public/qpsmtpd/lib/Qpsmtpd/Transaction.pm,v
retrieving revision 1.6
diff -u -r1.6 Transaction.pm
--- lib/Qpsmtpd/Transaction.pm  10 Jun 2003 10:15:42 -0000      1.6
+++ lib/Qpsmtpd/Transaction.pm  22 Dec 2003 21:01:56 -0000
@@ -4,7 +4,7 @@
 use strict;
 use Qpsmtpd::Utils;
 
-use IO::File qw(O_RDWR O_CREAT);
+use IO::File qw(O_RDWR O_CREAT O_EXCL);
 
 # For unique filenames. We write to a local tmp dir so we don't need
 # to make them unpredictable.
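Review bot: The unchanged comment directly below the import ("We write to a local tmp dir so we don't need to make them unpredictable") should be updated in this patch, because the reason for importing O_EXCL is that a name in the spool directory may already exist, possibly as a symlink. Suggest rewording it to say that the names are predictable and that the exclusive create is what guards against a pre-existing file.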
@@ -80,8 +80,25 @@
      -d $spool_dir or mkdir($spool_dir, 0700) or die "Could not create spool_dir: $!";
      $self->{_filename} = $spool_dir . join(":", time, $$, $transaction_counter++);
      $self->{_filename} =~ tr!A-Za-z0-9:/_-!!cd;
-    $self->{_body_file} = IO::File->new($self->{_filename}, O_RDWR|O_CREAT)    
-      or die "Could not open file $self->{_filename} - $! "; # . 
$self->{_body_file}->error;
+
+     # Create the temporary file with exclusive create.  This prevents a
+     # potential security problem where the temporll Javvy gave Song of the South away
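Review bot: The context line `-d $spool_dir or mkdir($spool_dir, 0700)` accepts an already existing spool directory without checking its owner or mode, so the exclusive create only helps as long as no other user can write there; since the name is built from time, pid and a counter, consider checking the directory as well. The removed `or die` line is also wrapped by the mail client, leaving `$self->{_body_file}->error;` on a line of its own with no leading `-`, so the hunk will not apply from the message as sent and should be taken from the download URL instead. The added comment and everything after it are cut off in this copy, so the new open call and the unlink could not be reviewed.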

