[darcs-devel] Temporary files issue
Zachary P. Landau
kapheine at divineinvasion.net
Wed Feb 7 11:45:19 PST 2007
> My concern is just that my understanding of how to properly use mkstemp()
> and tmpfile() is that you can't close the file or rely on its name, both of
> which we need to do in order to interface with external programs.
>
> > I don't mean to sound like I'm set on using /tmp (or tmpfile()). But it
> > would provide a clean solution to the temp file problem, so I don't want
> > to disregard it unless there really is a valid reason to avoid it.
>
> A clean solution would certainly be nice... I just don't see a solution,
> unless it's just that "once you've created a file in /tmp, you can do
> whatever you like with it, as long as you don't delete it, and you're still
> safe from attack". If that sentence were true, we'd be fine using /tmp
> with mkstemp() using the $TMPDIR (or just /tmp)---I still don't see how we
> could use tmpfile().
I've just skimmed over
http://tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html a bit.
There do appear to be reasons why you can't securely use mkstemp and
then close the file. I'll read more details into that tonight.
But the general idea seems to be that there are a lot more issues with
/tmp than just the basic race condition with regard to the filename.
That page does start going into ways you can avoid using mkstemp and
still be secure, but it looks tricky. And tricky usually means that we
will make a mistake somewhere and there will be a security flaw.
So I think you are justified in avoiding /tmp. I hereby concede. I do
still like the fallback of using $HOME/.darcs/tmp if we fail every other
method we have of getting a valid directory. If we can all agree on
that, I'll whip up a patch to implement that.
--
Zachary P. Landau <kapheine at divineinvasion.net>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
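The pattern the thread circles around (a name must be handed to an external program, so the file cannot simply stay open) can be made safe by creating the file inside a private directory rather than directly in /tmp, and by verifying identity on every reopen. The following is an added illustration by the editor, not darcs code: the helper names, the `darcs-XXXXXX` template and the symlink negative check are all assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Private 0700 directory under $TMPDIR (or /tmp) via mkdtemp(), then a
 * 0600 file inside it via mkstemp() (O_CREAT|O_EXCL).  The directory is
 * ours, so a name handed to an external program cannot be planted or
 * swapped by another local user.  Returns the open fd, or -1 on error. */
int create_private_temp(char *dir, size_t dcap, char *path, size_t pcap)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0') base = "/tmp";
    if (snprintf(dir, dcap, "%s/darcs-XXXXXX", base) >= (int)dcap) return -1;
    if (mkdtemp(dir) == NULL) return -1;
    if (snprintf(path, pcap, "%s/work-XXXXXX", dir) >= (int)pcap) return -1;
    return mkstemp(path);
}

/* Reopen by name (what the external-program hand-off forces), refusing
 * symlinks and checking the new fd is the very object we created. */
int reopen_checked(int fd, const char *path)
{
    struct stat a, b;
    int nfd = open(path, O_RDWR | O_NOFOLLOW);
    if (nfd < 0) return -1;
    if (fstat(fd, &a) == 0 && fstat(nfd, &b) == 0 && S_ISREG(b.st_mode)
        && b.st_nlink == 1 && a.st_dev == b.st_dev && a.st_ino == b.st_ino)
        return nfd;
    close(nfd);
    return -1;
}

/* Create, reopen and verify, confirm a symlink at another name is
 * rejected, then clean up.  Returns 0 on success, else the failing step. */
int run_demo(void)
{
    char dir[256], path[256], lnk[300];
    int fd = create_private_temp(dir, sizeof dir, path, sizeof path);
    if (fd < 0) return 1;
    int nfd = reopen_checked(fd, path);
    if (nfd < 0) return 2;
    close(nfd);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (symlink(path, lnk) != 0) return 3;
    int bad = reopen_checked(fd, lnk);           /* O_NOFOLLOW gives ELOOP */
    if (bad >= 0) { close(bad); return 4; }
    close(fd);
    return (unlink(lnk) || unlink(path) || rmdir(dir)) ? 5 : 0;
}
```

Keeping the original fd open across the hand-off is what makes the dev/inode comparison meaningful; the `$HOME/.darcs/tmp` fallback discussed above would be used as `base` in the same way.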