[darcs-devel] Temporary files issue

Zachary P. Landau kapheine at divineinvasion.net
Wed Feb 7 11:12:03 PST 2007


On Wed, Feb 07, 2007 at 07:20:13PM +0100, Juliusz Chroboczek wrote:
> >> I think most /tmp dirs have the t-flag set, which means you must
> >> be the owner of a file to delete it from the directory. In those
> >> cases it seems safe, but I don't know for certain.
> 
> I'd formulate it in a different manner.  Using /tmp is most certainly
> safe on sane Linux and BSD systems.  It's anyone guess what happens on
> other OSes.
> 
> In other words -- unless there's someone here who fully understands
> the semantics of the sticky bit on Solaris and HP/UX, it's not a can
> of worms we want to open.

I wonder if instead we should be using tmpfile().  The Linux manpage for
it says that it conforms to POSIX.1-2001, so I would hope the other OSes
will implement it correctly.  The other benefit is that tmpfile() will
determine the directory to use.  If some OS for some reason doesn't have
a secure /tmp, then it might provide another directory for tmpfile to
use.

I guess my main issue is that if calls like mkstemp() and tmpfile() are
meant for securely creating temporary files and an OS does not implement
it correctly, darcs will only be one of the many applications that will
be susceptible to attack.  The issue at that point would be the security
of the OS, not of an application.  Sure a workaround for applications
could be made, but that feels like a hack around a bigger problem.

I don't mean to sound like I'm set on using /tmp (or tmpfile()).  But it
would provide a clean solution to the temp file problem, so I don't want
to disregard it unless there really is a valid reason to avoid it.

--
Zachary P. Landau <kapheine at divineinvasion.net>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.osuosl.org/pipermail/darcs-devel/attachments/20070207/c489f9f8/attachment.pgp


More information about the darcs-devel mailing list