[darcs-devel] Temporary files issue
Zachary P. Landau
kapheine at divineinvasion.net
Wed Feb 7 13:48:33 PST 2007
> I'm not sure, but I've gotten the impression that if tmp cleaners are used
> then /tmp is pretty much irredeemably insecure, and there's not much point
> worrying about that case. But maybe there are folks who use tmp cleaners
> and also care about security. After all, one reason to use tmp cleaners is
> simply to avoid DOS attacks that fill up tmp--which itself is a security
> issue.
Maybe this afternoon I'll do a little searching about and see what
people (other than that HOWTO) are saying about using mkdtemp. The
non-security issue is: what do we for operating systems that don't
provide mkdtemp? Maybe haskell.org should sponsor a compile farm for
every OS that runs GHC. Then we could see if all of them support it.
> Wouldn't it be nice if everybody would just agree to be good?
Maybe nobody ever asked. Let's change the world, right here on
darcs-devel:
I hereby promise to be a good person, in all aspects of my life,
including but not exclusively with regard to security issues.
-- Zachary P. Landau, 2007-02-07
If we can get 6 billion people to sign the above statement, we can just
use mktemp() in /tmp.
--
Zachary P. Landau <kapheine at divineinvasion.net>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.osuosl.org/pipermail/darcs-devel/attachments/20070207/cb446f14/attachment.pgp
More information about the darcs-devel
mailing list