[darcs-devel] Temporary files issue

Tommy Pettersson ptp at lysator.liu.se
Sun Feb 4 12:28:18 PST 2007


On Sun, Feb 04, 2007 at 02:09:15PM -0500, Zachary P. Landau wrote:
> At this point, you own the file and have
> 0600 permissions on it, so nobody else can open it.  Even if you close
> the file immediately after, you still can safely assume that nobody else
> controls the file.

If the directory really is world writable, other users can
_delete_ the (or any) file even if they don't own it, because
they are really only writing to the _directory_, removing the
file name (but not any open handles) from it. They can then
create a new entry in the directory, with the same name, like a
symbolic link to /home/darcs-user/very-important-file. That's
not good if darcs opens it by name with darcs-user's privileges,
and writes to it.

I think most /tmp dirs have the t-flag set, which means you must
be the owner of a file to delete it from the directory. In those
cases it seems safe, but I don't know for certain. Even with the
t-flag, if the file will be used for a long time, there's the
possibility of tmp-reapers removing the file, but that is of
course not darcs' fault.


-- 
Tommy Pettersson <ptp at lysator.liu.se>
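
An added example (not part of the original message and not darcs code): the two checks the message above points to, in C. The function names `dir_protects_entries`, `create_temp` and `reopen_checked` are hypothetical; the code assumes a POSIX system with `O_NOFOLLOW`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if other users cannot delete or rename our entries in dir:
 * either it is not group/world writable, or it has the sticky (t) bit. */
int dir_protects_entries(const char *dir) {
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (!(st.st_mode & (S_IWGRP | S_IWOTH))) return 1;
    return (st.st_mode & S_ISVTX) != 0;
}

/* Create a 0600 temp file from an mkstemp template and record its
 * identity (device, inode) from the open handle, not from the name. */
int create_temp(char *tmpl, struct stat *id) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fstat(fd, id) != 0) { close(fd); return -1; }
    return fd;
}

/* Reopen by name, refusing symlinks and anything that is not the same
 * file we created. Returns an fd, or -1 if the name no longer points
 * at our file (deleted, replaced, hard-linked, or owned by someone else). */
int reopen_checked(const char *path, const struct stat *id) {
    struct stat now;
    int fd = open(path, O_RDWR | O_NOFOLLOW);   /* fails on a symlink */
    if (fd < 0) return -1;
    if (fstat(fd, &now) != 0 || !S_ISREG(now.st_mode) ||
        now.st_dev != id->st_dev || now.st_ino != id->st_ino ||
        now.st_uid != geteuid() || now.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Keeping the descriptor returned by `create_temp` open and working through it, rather than reopening by name, avoids the need for `reopen_checked` altogether. Inode numbers can be reused after the original file is gone, which is why the owner check is done alongside the device and inode comparison.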

