[darcs-devel] Temporary files issue
David Roundy
droundy at darcs.net
Wed Feb 7 11:20:55 PST 2007
On Wed, Feb 07, 2007 at 07:20:13PM +0100, Juliusz Chroboczek wrote:
> >> I think most /tmp dirs have the t-flag set, which means you must
> >> be the owner of a file to delete it from the directory. In those
> >> cases it seems safe, but I don't know for certain.
>
> I'd formulate it in a different manner. Using /tmp is most certainly
> safe on sane Linux and BSD systems. It's anyone's guess what happens on
> other OSes.
>
> In other words -- unless there's someone here who fully understands
> the semantics of the sticky bit on Solaris and HP/UX, it's not a can
> of worms we want to open.
I'm mostly hesitant about using /tmp simply because I don't fully
understand the possible attacks. If we are confident that (in the absence
of /tmp cleaners?) using /tmp (as we plan to use it) is safe on Linux and
BSD systems, then I'd say we should go ahead and do this (obeying $TEMP,
etc., of course). But I'd want someone we trust (e.g. you, Juliusz) who
knows about such questions to tell us that it is safe. I've seen just
enough security-related statements to believe that I don't understand well
enough to predict the security implications involving use of /tmp.
--
David Roundy
Department of Physics
Oregon State University
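
As an added illustration (not part of this message and not darcs code), the following Python checks the t-flag condition discussed in the thread before creating a private scratch directory under the temp location. The function names `tmp_dir_is_safe` and `private_workdir` are hypothetical, and the check assumes POSIX permission semantics as found on Linux and BSD.

```python
import os
import stat
import tempfile


def tmp_dir_is_safe(path):
    """Return (ok, reason) for creating our own entries inside `path`."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    # The directory owner can always remove or rename entries, so the
    # owner must be root or ourselves.
    if st.st_uid not in (0, os.geteuid()):
        return False, "owned by another unprivileged user"
    writable_by_others = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable_by_others and not st.st_mode & stat.S_ISVTX:
        # Without the t-flag, anyone with write access to the directory
        # can delete our entry and put their own in its place.
        return False, "writable by others without the sticky bit"
    return True, "ok"


def private_workdir(base=None):
    """Create a 0700 scratch directory under `base` after checking it."""
    # gettempdir() consults TMPDIR, TEMP and TMP before falling back to /tmp.
    base = base or tempfile.gettempdir()
    ok, reason = tmp_dir_is_safe(base)
    if not ok:
        raise PermissionError(f"{base}: {reason}")
    # mkdtemp() picks an unpredictable name and creates it with mkdir(2)
    # at mode 0700; an entry planted under that name makes the call fail
    # and retry with a new name instead of being followed or reused.
    return tempfile.mkdtemp(prefix="scratch-", dir=base)


if __name__ == "__main__":
    print(tmp_dir_is_safe(tempfile.gettempdir()))
```

Files created inside the returned directory are then protected by its 0700 mode rather than by the shared directory's sticky bit.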