On Tue, Jun 11, 2002 at 02:10:18PM +0300, guy keren wrote:
>
> On Tue, 11 Jun 2002, Muli Ben-Yehuda wrote:
>
> > > > I need to open a temporary file (but with a fixed name, so mkstemp()
> > > > and friends are not an option)
> > >
> > > Why a fixed name? Can it be a symlink?
> >
> > Because I'm doing it as part of syscalltrack's test suite, and it
> > needs to be a fixed name so that I'll be able to make rules to match
> > on it. We do support pattern matching, so I could use mkstemp() with a
> > fixed template, but I would like to test our '==' operator, not just
> > '=~'.
>
> who might 'pull the file below our feet'?

An attacker. Since the tests must be run as root, I would hate to see us featured on bugtraq one day. Remember, just because I'm paranoid doesn't mean they aren't after me.

> what i'd suggest (pity we didn't do that long ago) is create a directory,
> chdir to it, and in _that_ directory perform all of the testing. this way,
> you could eventually just recursively remove the directory during
> cleanup.

I have a patch implementing this already written. However, it doesn't protect us from the symlink attack.

> for mode changing, there is 'fchmod'. for exec, there is 'fexecv'. but
> there is no 'funlink', i'm afraid.

I know. Seems like a rather glaring omission in unixish design.

--
Sterday 20 Forelithe 7466
http://vipe.technion.ac.il/~mulix/
http://syscalltrack.sf.net/
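Added example, not part of the original message or of syscalltrack's code: one way to keep a fixed file name while closing the symlink race is to create the file inside a private directory made with mkdtemp() and to do every operation relative to that directory's descriptor, with unlinkat() standing in for the missing 'funlink'. The name `sct_test_file`, the `/tmp` template and the helper functions are hypothetical, and the sketch assumes the test rules can match on the relative file name.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical fixed name that a test rule would match with '=='. */
#define FIXED_NAME "sct_test_file"

/* Create a private 0700 directory with an unpredictable name and return a
 * descriptor for it. tmpl must end in XXXXXX; it is overwritten in place. */
int open_private_dir(char *tmpl)
{
    if (mkdtemp(tmpl) == NULL)
        return -1;
    /* O_NOFOLLOW: fail if the final component is a symlink. */
    return open(tmpl, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Create the fixed-name file relative to dirfd. O_EXCL refuses any existing
 * entry, including a dangling symlink, so nothing planted is ever followed. */
int create_fixed_file(int dirfd, const char *name)
{
    return openat(dirfd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Remove the entry relative to dirfd, then the directory itself. */
int cleanup(int dirfd, const char *name, const char *dirpath)
{
    int rc = unlinkat(dirfd, name, 0);
    close(dirfd);
    return (rmdir(dirpath) == 0 && rc == 0) ? 0 : -1;
}

int main(void)
{
    char dir[] = "/tmp/sct_test.XXXXXX";   /* constructed sample template */
    int dfd = open_private_dir(dir);
    if (dfd < 0) { perror("private dir"); return 1; }
    int fd = create_fixed_file(dfd, FIXED_NAME);
    if (fd < 0) { perror("create"); return 1; }
    printf("created %s/%s\n", dir, FIXED_NAME);
    close(fd);
    return cleanup(dfd, FIXED_NAME, dir) ? 1 : 0;
}
```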
