Bryan Davis <bd...@wikimedia.org> wrote:

>> The file itself is written by the web server user (which is always the
>> same as the tool account isn't it?) and then chmod'd 0660. Is that
>> enough?

> If you write the contents and then chmod there is a small race
> condition introduced where the data might be visible to another
> user/process. To make sure that others can not see the file contents
> you should:
> * create an empty file: touch( $file ) [0]
> * make the file readable only by the web server process: chmod( $file,
>   0600 ) [1]
> * write the token to the file: file_put_contents( $file, $token )
> […]

What happens on Linux when (on the premise that $file is by default readable by somebody else) another process opens the file between 1. and 2. for reading if the file is not on NFS? chmod(2) says:

| […]
| On NFS filesystems, restricting the permissions will
| immediately influence already open files, because the access
| control is done on the server, but open files are maintained by
| the client. Widening the permissions may be delayed for
| other clients if attribute caching is enabled on them.
| […]

but does not mention local filesystems.

In general, one can use umask(), or tempnam() if lazy and/or possible, but it's very easy to miss attack vectors. (So I would suggest using the database as well :-).)

Tim

_______________________________________________
Labs-l mailing list
Labs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/labs-l
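
Added example, not part of the original thread or code posted by anyone in it: a Python demonstration, using the same POSIX calls, of the case asked about above. On a local Linux filesystem permissions are checked at open() time, so a descriptor opened between the touch and the chmod keeps working; the second function creates the file with mode 0600 in a single step instead. The file names and token are constructed, and the early reader is a same-process stand-in for another user's process.

```python
import os
import stat
import tempfile

TOKEN = b"constructed-sample-token"  # constructed value, not a real secret


def racy_write(path):
    """touch -> chmod 0600 -> write, with a reader that opened the file in between.

    Returns what the early reader sees after the chmod and the write.
    """
    old_umask = os.umask(0o022)  # common default: new files come out 0644
    try:
        os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))  # "touch"
    finally:
        os.umask(old_umask)
    # Stand-in for another process; the kernel treats a descriptor held by
    # a different user the same way once the open() has succeeded.
    early_reader = os.open(path, os.O_RDONLY)
    try:
        os.chmod(path, 0o600)
        with open(path, "wb") as f:
            f.write(TOKEN)
        # chmod does not revoke descriptors that are already open.
        return os.read(early_reader, 1024)
    finally:
        os.close(early_reader)


def safe_write(path):
    """Create the file as 0600 atomically, write the token, return its mode.

    O_EXCL fails if the path already exists, so a file or symlink planted
    beforehand is refused instead of being written to.
    """
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    try:
        mode = stat.S_IMODE(os.fstat(fd).st_mode)  # mode before any data exists
        os.write(fd, TOKEN)
    finally:
        os.close(fd)
    return mode


def demo():
    with tempfile.TemporaryDirectory() as d:
        leaked = racy_write(os.path.join(d, "racy.token"))
        mode = safe_write(os.path.join(d, "safe.token"))
    return leaked, mode
```

In PHP the second pattern corresponds to calling umask(0077) before fopen($file, 'x'), since the 'x' mode opens with O_CREAT|O_EXCL.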