[darcs-devel] Temporary files issue

Zachary P. Landau kapheine at divineinvasion.net
Sun Feb 4 11:09:15 PST 2007


(I'm breaking the discussion about temporary file handling off from
issue385, given that it isn't specific to that).

David, you mentioned not wanting mkstemp to make files in /tmp because
we close them right away and return the filename.  I was thinking a bit
more about that, and I don't think it is an issue.  mktemp is insecure
because it checks to see if a file exists, and then opens it.  During
the time between checking to see if a file exists and opening it, a
malicious user could create the file and claim ownership of it.

mkstemp gets rid of this problem by checking if a file exists and
opening it before returning.  At this point, you own the file and have
0600 permissions on it, so nobody else can open it.  Even if you close
the file immediately after, you still can safely assume that nobody else
controls the file.

At least, that is my understanding of it.  So I think having tempdir_loc
use /tmp is not a security concern, and could solve some of our issues
of where to create temporary files.  Can anyone see a flaw in my
thinking here?

--
Zachary P. Landau <kapheine at divineinvasion.net>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
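As an added example (not code from this thread or from darcs itself), the mkstemp pattern in C, plus the check a program wants if it does what the message describes, closing the temporary file and later reopening it by name: the reopened file is compared by device and inode against the original descriptor, so a different file that has taken over the name in the meantime (possible on a directory without the sticky bit) is refused rather than used. The `dir` parameter, the `darcs-XXXXXX` name template and the helper names are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a temp file the mkstemp way: the name is chosen and the file is
 * opened with O_CREAT|O_EXCL in one call, so there is no check-then-open
 * window. Returns the open descriptor; the path is written to path_out.
 * (dir and the "darcs-XXXXXX" template are assumptions for this example.) */
int create_temp(const char *dir, char *path_out, size_t path_len)
{
    int n = snprintf(path_out, path_len, "%s/darcs-XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_len) return -1;
    return mkstemp(path_out);           /* file is created with mode 0600 */
}

/* Reopen a path we created earlier and verify it is still the same file
 * the original descriptor refers to (same st_dev and st_ino). O_NOFOLLOW
 * refuses a symlink planted at the name. Returns the new fd, or -1. */
int reopen_same_file(int orig_fd, const char *path)
{
    struct stat a, b;
    if (fstat(orig_fd, &a) != 0) return -1;
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &b) != 0 || a.st_dev != b.st_dev || a.st_ino != b.st_ino) {
        close(fd);                      /* not our file: do not use it */
        return -1;
    }
    return fd;
}

/* Normal case: create, write through the original fd, reopen by name with
 * the identity check, read back. Returns 1 on success, 0 otherwise. */
int demo(const char *dir)
{
    char path[256];
    int fd = create_temp(dir, path, sizeof path);
    if (fd < 0) return 0;
    if (write(fd, "hello", 5) != 5) { close(fd); unlink(path); return 0; }

    int ok = 0;
    int fd2 = reopen_same_file(fd, path);
    if (fd2 >= 0) {
        char buf[16] = {0};
        ok = read(fd2, buf, sizeof buf - 1) == 5 && strcmp(buf, "hello") == 0;
        close(fd2);
    }
    close(fd);
    unlink(path);
    return ok;
}

/* Failure case: simulate the name being replaced while we were not holding
 * it (our file removed, a different file created at the same path). The
 * reopen must be rejected. Returns 1 if the check rejected it, else 0. */
int demo_replaced(const char *dir)
{
    char path[256];
    int fd = create_temp(dir, path, sizeof path);
    if (fd < 0) return 0;
    if (unlink(path) != 0) { close(fd); return 0; }
    int other = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (other < 0) { close(fd); return 0; }

    int fd2 = reopen_same_file(fd, path);   /* different inode: expect -1 */
    int rejected = (fd2 < 0);
    if (fd2 >= 0) close(fd2);
    close(other);
    close(fd);
    unlink(path);
    return rejected;
}

int main(void)
{
    printf("normal reopen: %s\n", demo("/tmp") ? "ok" : "failed");
    printf("replaced name: %s\n", demo_replaced("/tmp") ? "rejected" : "NOT rejected");
    return 0;
}
```

The simplest way to avoid the question entirely is to keep the descriptor mkstemp returned and do all work through it; the identity check above is for code that has already committed to handing around a filename.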